TWiki System Requirements

Server and client requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

TWiki Installation Guide

The following is installation instructions for the TWiki 5.0 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the AdminSkillsAssumptions. This guide assumes the user installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).

To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki-3) or TWiki 4.x you will need the information found at TWikiUpgradeGuide.

One of the more difficult tasks is installation of additional CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.

Basic Installation

Copy the downloaded package into the directory where you want to install TWiki (Example: /home/httpd ). Unpack the distribution in it (Example: tar xvfz TWiki-5.0.0.tgz). The unpack will create a directory called twiki which contains the TWiki package. In the rest of this document we assume this directory is called twiki.

Note: TWiki does not allow spaces in the directory names. Especially on Windows make sure to use a directory path without spaces.

Warning: Do not just just run a chmod -R 770 twiki. The access rules have different meaning for files and directories. This is the most common mistake installers make.

The distribution tgz has the file and directory access rights setup to work with a reasonable security level that will work for all types of installations including shared hosting.

The ownership of the twiki directory tree is normally set to the user that unpacked the tgz and will have to be changed to the webserver user using the command chown -R user:group /path/to/twiki. The webserver username varies from Distributions. Examples for some major distributions:

If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access right of the entire TWiki tree back to the distributed defaults.

It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights have a good safety level.

Check the Perl installation. Ensure that Perl 5 and the Perl CGI library are installed on your system.

The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.

Some systems require a special extension on perl scripts (e.g. .cgi or .pl). This is normally only needed under Windows and only where perl scripts are only recognized by file extension. Linux and Unix users should normally never need to do this. If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).

Create the file LocalLib.cfg located as twiki/bin/LocalLib.cfg

There is a template for this file in twiki/bin/LocalLib.cfg.txt. Simply copy LocalLib.cfg.txt to LocalLib.cfg. Make sure the ownership and access rights of the copy are the same as LocalLib.cfg.txt

The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /var/www/twiki/lib.

If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.

Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files

Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and one file gives the best overview and ensures that you get a safe installation . However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file http.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.

.htaccess file: This should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search for possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo privileges.

Configure the webserver

Unless you are an Apache expert setting up the webserver can be quite difficult. But TWiki has three resources that make setting up Apache easier.

The best and easiest way is to use webpage TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.

In the root of the twiki installation you find an example config file twiki_httpd_conf.txt

In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts. In the root of TWiki you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root priviledges.

Note: When you use config files you need to restart Apache each time you change a setting to make the new setting active.

Protect the configure script

You should never leave the configure script open to the public. Limit access to the twiki/bin/configure script to either localhost, an IP address or a specific user using basic Apache authentication. The TWiki:TWiki.ApacheConfigGenerator lets you setup who has access to the configure script. Also the example twiki-httpd-conf.txt and bin/.htaccess.txt files includes the needed setting to protect the configure script.

If you limit the access to a particular user then you need to setup a .htpasswd file that contains the user name and password that Apache will authenticate against. Per default both TWiki:TWiki.ApacheConfigGenerator and the example config files and .htaccess files uses twiki/data/.htpasswd but this file does not exist until you have TWiki running and have registered the first user. You therefore have two options. Either limit the access to localhost or an IP address, or make a .htpasswd file. To make a .htpasswd file change directory to twiki/data and issue the command htpasswd -c .htpasswd username and enter your password when asked. The username must match the Require user username directive in the Apache config file or .htaccess file. Do not use a username you will later use to register in TWiki because TWiki will then claim that you are already registered.

Specify and reenter a password. This is your configure password, as well as the admin user password once TWiki is running.

Note: In case you forgot the password, you can reset it by deleting $TWiki::cfg{Password} from LocalSite.cfg file from {TWIKI_ROOT}/lib directory.

When you run configure for the first time, you can only edit the General Path Settings section. Save these settings, and then return to configure to continue configuration.

Resolve any errors or warnings it tells you about.

If your webserver can be accessed by more than one domain name make sure to add the additional alternative URLs to {PermittedRedirectHostUrls}

When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send administrative emails, such as for registration and notification of topic changes. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}. If you do not want to enable mailing or want to enable it later you can uncheck {EnableEmail}.

You now have a basic, unauthenticated installation running. At this point you can just point your web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

As already described above you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.

You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files. Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.

Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories. For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.

Attachments are not secured by default to the access control setting of the topic. In other words, anyone can read them if they know the direct URL of the attachment, which includes name of the web, topic and attachment. You can configure TWiki to secure attachments.

The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 4 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. Easy way to jump directly to view the pages is to open your own TWiki in your browser and write TWiki.TWikiSkins in the Jump test box to the right in the top bar and hit Enter. You can find these topics in the on-line reference copy at the official TWiki website: TWiki Release 5.0

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

Under the Security Settings pane of configure :

Select TWiki::LoginManager::TemplateLogin for {LoginManager}.

Select TWiki::Users::HtPasswdUser for {PasswordManager}.

Save your configure settings.

Register yourself using the TWikiRegistration topic. Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.

Note: The other LoginManager option TWiki::LoginManager::ApacheLogin uses a basic Apache type authentication where the browser itself prompts you for username and password. Most will find the TemplateLogin looking nicer. But ApacheLogin is required when you use Apache authentication methods like mod_ldap where all authentication is handled by an Apache module and not by the TWiki perl code. When you use ApacheLogin the apache configuration must be set up to require authentication of the some but not all the scripts in the bin directory. This section in the Apache config (or .htaccess) controls this

The TWiki:TWiki.ApacheConfigGenerator includes this section when you choose ApacheLogin. In the example twiki_httpd_conf.txt and bin/.htaccess.txt files this section is commented out with #. Uncomment the section when you use ApacheLogin. It is important that this section is commented out or removed when you use TemplateLogin.

Define the Administrator User(s)

Administrators have read and write access to any topic in TWiki, irrespectively of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.

Note that if you use ApacheLogin you have to be registered and logged in before you use the internal admin login

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

TWikiPreferences. Read through it and identify any additional settings or changes you think you might need. You can edit the settings in System.TWikiPreferences but these will be overwritten when you later upgrade to a newer TWiki version. Instead copy any settings or variables that you want to customize from System.TWikiPreferences and paste them into Main.TWikiPreferences. When you later upgrade TWiki simply avoid overwriting the data/Main/TWikiPreferences.txt file and all your settings will be kept. Settings in Main.TWikiPreferences overrides settings in both System.TWikiPreferences and any settings defined in plugin topics. See notes at the top of System.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

Confirm the Mail and Proxies settings in the Configure interface.

Setup a cron job (or equivalent) to call the tools/mailnotify script as described in the MailerContrib topic.

Enable Signed Email Notification

TWiki administrative e-mails are an attractive target for SPAM generators and phishing attacks. One good way to protect against this possibility to enable S/MIME signatures on all administrative e-mails. To do this, you need an an X.509 certificate and private key for the the {WebMasterEmail} email account. Obtain these as you would for any other S/MIME e-mail user.

To enable TWiki to sign administrative e-mails:

Enable e-mail as described above

If necessary, convert your certificate and key files to PEM format ( openssl has all the necessary utilities)

Place the certificate anyplace convenient that the webserver can read. It should be protected against write. The conventional place under linux is /etc/pki/tls/certs

Place the key file in a secure location that only the webserver can read. It must not be readable by anyone else, and must not be served by the webserver.

Using the configure script, change the following settings under Mail and Proxies:

Follow the directions under {MailProgram} to enable an external mail program such as sendmail. Net::SMTP is not supported.

Enter the full path to the certificate file in the {SmimeCertificateFile} configuration variable

Enter the full path to the private key file in the {SmimeKeyFile} configuration variable

Save the configuration

Re-run the configure script an resolve any errors that it identifies

All out-going administrative e-mails will now be signed.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however cost performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} and install let cron run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki, a home topic is created for them based on the NewUserTemplate topic (and its UserForm). It contains additional resources you can use to:

Localize the user topic.

Add a default ALLOWTOPICCHANGE so only the user can edit their own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to prevent spam.

Add and remove fields defined in the UserForm

If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the System web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

If you added or removed fields from the user form you may also need to tailor TWikiRegistration.

Install Plugins

TWiki:Plugins.WebHome is an extensive library of plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.

Customization of Special Pages

Some pages are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. The topics are:

From TWiki release 4.2.0 on the WYSIWYG editor has been replaced by a much better and more powerful editor and it was decided that WYSIWYG would be the default edit mode. An Edit Raw link is available for those that have a need or preference for this mode.

However you may prefer to have the same user interface as in TWiki 4.1 where Edit was the raw text editor and you had a WYSIWYG button. You can modify the templates that define the buttons by following the description on TWiki:Codev.TWikiRawEditDefault04x02.

If your TWiki is used in a commercial application without public access you should replace this by your normal copyright notice. You should also consider adding classifications (e.g. For Internal Use Only) so people do not have to add this manually to every new topic.

If your TWiki is public with public access you need to decide which copyright and license the contributions should be covered by. For open source type applications licenses such as the GNU Free Documentation License, FreeBSD Documentation License, and Creative Commons license are possible licenses to consider. Remember that once people have started contributing it is difficult and not correct to change or impose licenses on existing contributions.

You can create a unique message for each web by adding the WEBCOPYRIGHT setting to WebPreferences in each web. E.g. adding a confidencial classification to a very restricted web.

The WEBCOPYRIGHT in System.WebPreferences covers the documentation that comes with TWiki and is covered by the original TWiki Copyright and GPL License. You will normally leave this unchanged.

Troubleshooting

The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

If by any chance you forgot the "admin" password, the same is used in "configure" script, then please login to the server. Delete $TWiki::cfg{Password}= ' ...'; . Set the new password using "configure" script.

Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:

Appendices

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.8.4 or higher is recommended. TWiki will run in perl 5.6.1 but only with Wysiwyg editor disabled. Wysiwyg requires unicode support which is provided by perl 5.8.1 and forward.

RCS

5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

Optional CPAN Modules

May be required by the Extensions Installer in configure if command line tar or unzip is not available

CGI::Cookie

>=1.24

Used for session support

CGI::Session

>=3.95

Highly recommended! Used for session support

Crypt::SMIME

>=0.09

Required if S/MIME-signed administrative e-mail is enabled.

Digest::base

Digest::SHA1

Jcode

Used for I18N support with perl 5.6

Locale::Maketext::Lexicon

>=0

Used for I18N support

Authen::SASL

Used for SMTP Authentication

Net::SMTP

>=2.29

Used for sending mail

Unicode::Map

Used for I18N support with perl 5.6

Unicode::Map8

Used for I18N support with perl 5.6

Unicode::MapUTF8

Used for I18N support with perl 5.6

Unicode::String

Used for I18N support with perl 5.6

URI

Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

Important note about TWiki Plugins

Note: Plugins included in the TWiki distribution do not add requirements, except for the CommentPlugin which requires Perl 5.6.1.

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:

Using the table below, create a directory structure on your host server

Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)

Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/setlib.cfg file (done in Step 2).

Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:

chmod -R 755 pub

chmod 644 `find pub -type f -print`

In addition, you should create a .htaccess file in the pub directory, using the template included in the root level of the distribution entitled pub-htaccess.txt.

Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

Copy the file lib/TWiki.spec to lib/LocalSite.cfg

Remove the comment # in front of $TWiki::cfg{DefaultUrlHost}, $TWiki::cfg{ScriptUrlPath}, $TWiki::cfg{PubUrlPath}, $TWiki::cfg{PubDir}, $TWiki::cfg{TemplateDir}, $TWiki::cfg{DataDir}, $TWiki::cfg{LocalesDir}, and $TWiki::cfg{OS} and make sure these settings have the correct values.

Make sure to define at least these settings: $TWiki::cfg{LoginManager}, $TWiki::cfg{WebMasterEmail}, $TWiki::cfg{SMTP}{MAILHOST}, $TWiki::cfg{SMTP}{SENDERHOST}.

TWiki Upgrade Guide

This guide covers upgrading from a previous version of TWiki (such as TWiki-4.3) to TWiki-5.0

Overview

TWiki-5.0.0 is a major release introducing usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform. Use this guide to upgrade a previous TWiki release to 5.0. Use the TWikiInstallationGuide if you do not have data to carry forward.

Major Changes Compared to Earlier TWiki Releases

Upgrade Procedure

The following steps are a rough guide to upgrading only. It is impossible to give detailed instructions, as what you have to do may depend on whether you can configure the webserver or not, and how much you have changed distributed files in your current TWiki release.

The main steps are:

Install the new TWiki version, configure it, and get it to work similar to the old version

Install additional extensions (plugins) -- make sure to use the latest versions

Copy all the non-default webs from the old installation to the new

Copy the users from old installation to the new including all their topics from Main

Apply customizations to your skin (logos, menu bars etc)

Apply preferences from old installation

After the extensions are installed (or upgraded) in step 2, take a "golden" backup. That will come in handy for your next patch or upgrade: By checking the differences between the golden copy and your production copy, you will be able to identify all the modifications that you have applied to the core or extensions.

If you are upgrading from a 4.x.x release, you can carry over the configure settings from the old release.

You need to run configure and save the configuration once when you upgrade as this will update the altered and added settings.

You can also choose to start with a fresh configuration and walk through all the settings using your old twiki/lib/LocalSite.cfg as a reference. This way you will not have old obsolete settings in the new LocalSite.cfg.

If at any time during the installation you want to start over from fresh, delete the LocalSite.cfg file and re-run configure.

If you upgrade from an older TWiki your lib/TWiki.cfg from the old TWiki installation is a good resource for some of the settings you will need but you cannot reuse the old TWiki.cfg.

Make sure you have a working basic TWiki before you continue

Install Extensions

From TWiki-4.1.0 on the configure script which you ran during installation supports installation of additional plugins.

Manual installation is possible. Follow the instruction on the plugin page at twiki.org.

Check the plugin topics from your old TWiki installation. There may be plugin settings that you want to transfer to the new TWiki installation. Hint: For an easier upgrade later on, set the plugin preferences settings in the Main.SitePreferences topic, not in the plugin topic. To identify the plugin, prefix the name of the setting with the capitalized name of the plugin. For example, to change the DEFAULT_TYPE setting of the CommentPlugin, create a COMMENTPLUGIN_DEFAULT_TYPE setting in Main.SitePreferences.

InterWikis - If you added your own rules you should save this topic and not overwrite it.

SlideShowPlugin - Make sure you did not change the embedded 'Default Slide Template' If you did you should save it. It is a bad idea to do. It is better to define your own slide show templates as separate topics that do not get overwritten when you upgrade.

Copy your old webs to new TWiki

When upgrading from Cairo or earlier it may be necessary to unlock the rcs files in data and pub directories from the old installation using the following shell commands:

find data -name '*,v' -exec rcs -u -M '{}' \;

find pub -name '*,v' -exec rcs -u -M '{}' \;

Copy your local webs over to the data and pub directories of the new install. Do not copy the default webs: TWiki, Main, Trash, Sandbox, _default, and _empty.

Make sure all data and pub files and directories are owned by the webserver user.

Note: TWiki's WebChanges topics depend on the file timestamp. If you touch the .txt files make sure to preserve the timestamp, or to change them in the sequence of old file timestamps.

Copy Users And Their Topics From Main Web

Copy all the topics from the Main web and corresponding pub/Main directories from the old TWiki to the new TWiki but do not overwrite any of the new topics already inside the new Main directory!

Manually merge all the users from the old Main.TWikiUsers topic to the new TWiki. If you upgrade from Cairo you can simply use the old file and add the missing new system users to the list of users. If you upgrade from TWiki-4.0.x simply use the old topic. Starting from 4.2.0 TWiki no longer ships with a Main.TWikiUsers topic. When you register the first user TWiki now checks for an existing Main.TWikiUsers and if it does not exist it gets created.

If you use data/.htpasswd for authentication copy this file from the old TWiki to the new.

If you upgrade from Cairo and you are using the Htpasswd login manager, then note that email addresses for users have moved out of user topics and into the password file. There is a script that performs this extra upgrade step for you - see tools/upgrade_emails.pl.

The old Sandbox web may have a lot of useful topic and users may use it actively for drafts. Manually select the topics (remember the corresponding pub directories) from the old Sandbox web and copy them to the one of the new TWiki. Decide if you want to overwrite the sandbox homepage and left menu bar or keep the new.

If you added or removed fields from the user topic form you may also have tailored TWiki.TWikiRegistration. Make sure you either reuse the registration topic from the old installation or apply the same field changes to the new TWiki.TWikiRegistration topic.

Starting from 4.2.0 TWiki ships with NewUserTemplate and UserForm in the TWiki web. If you choose to tailor anything you are strongly advised to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

Make sure all data and pub files and directories are owned by the webserver user.

Apply Preferences From Old Installation

Transfer any customized and local settings from System.TWikiPreferences to the topic pointed at by {LocalSitePreferences} (Main.SitePreferences). Per default this is Main.TWikiPreferences. This avoids having to write over files in the distribution on a later upgrade.

If you changed any of the topics in the original TWiki distribution, you will have to transfer your changes to the new install manually. There is no simple way to do this, though a suggestion is to use 'diff' to find changed files in the data/TWiki of the old and new TWiki installation, and transfer the changes into the new TWiki install. If you can run a GUI on your server, you may find that using a visual diff tool like WinMerge, meld, kdiff3, xxdiff, etc. is helpful.

Compare the WebPreferences topics in the old TWiki Installation with the default from the new TWiki installation and add any new Preferences that may be relevant.

Compare the WebLeftBar topics in the old TWiki Installation with the default from the new TWiki installation and add any new feature that you desire.

Customization of Special Pages

Some pages in the TWiki web are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. If you have made such customizations remember to replace these topics in the TWiki web with the tailored versions from your old installation. The topics are:

TWiki.ChangePassword

TWiki.ResetPassword

TWiki.ChangeEmailAddress

Upgrading from Cairo to TWiki-4 (additional advice)

Favicon

TWiki-4's PatternSkin introduces the use of the favicon feature which most browsers use to show a small icon in front of the URL and for bookmarks.

In TWiki-4 it is assumed that each web has a favicon.ico file attached to the WebPreferences topic. When you upgrade from Cairo to TWiki-4 you do not have this file and you will get flooded with errors the error log of your web server. There are two solutions to this.

Attach a favicon.ico file to WebPreferences in each web.

Preferred: Change the setting of the location of favicon.ico in TWikiPreferences so all webs use the favicon.ico from the TWiki web. This is the fastest and easiest solution.

To change the location of favicon.ico in TWikiPreferences to the TWiki web add the following setting to Main.SitePreferences:

* Set FAVICON = %PUBURLPATH%/%SYSTEMWEB%/%WEBPREFSTOPIC%/favicon.ico

TWikiUsers topic in Main web

Your old Main.TWikiUsers topic will work in the new TWiki but you will need to ensure that the following four users from the TWikiUsersTemplate topic are copied to the existing TWikiUsers topic in proper alphabetical order:

TWikiContributor - placeholder for a TWiki developer, and is used in TWiki documentation

TWikiGuest - guest user, used as a fallback if the user can't be identified

TWikiRegistrationAgent - special user used during the new user registration process

UnknownUser - used where the author of a previously stored piece of data can't be determined

You additionally need to ensure that TWikiUsers has the Set ALLOWTOPICCHANGE = TWikiAdminGroup, TWikiRegistrationAgent access control setting. Otherwise people will not be able to register.

Important Changes since TWiki-4.0.5

Supported Perl version

TWiki 4.0.5 worked on Perl version 5.6.X. Reports from users has shown that unfortunately TWiki 4.1.0 does not support Perl versions older then 5.8.0. It is the goal that TWiki should work on at least Perl version 5.6.X but none of the developers have had access to Perl installations older than 5.8.0.

Since TWiki 4.1.0 has some urgent bugs the development team decided to release TWiki 4.1.1 without resolving the issue with Perl 5.6.X. We will however address this and try and resolve it for a planned 4.1.2 release. The TWiki community is very interested in contributions from users that have fixes for the code which will enable TWiki to run on older versions of Perl.

Template spec changed

Until TWiki 4.0.5 TWikiTemplates the text inside template definition blocks (anything between %TMPL:DEF{"block"}% and %TMPL:END% was stripped of leading and trailing white space incl new lines.

This caused a lot of problems for skin developers when you wanted a newline before or after the block text.

From TWiki 4.1.0 this has changed so that white space is no longer stripped. Skins like PatternSkin and NatSkin have been updated so that they work with the new behavior. But if you use an older skin or have written your own you will most likely need to make some adjustments.

It is not difficult. The general rule is - if you get mysterious blank lines in your skin, the newline after the %TMPL:DEF{"block"}% needs to be removed. Ie. the content of the block must follow on the same line as the TMPL:DEF.

The spec change have the same impact on CommentPlugin templates where you may have to remove the first line break after the TMPL:DEF. See the CommentPluginTemplate for examples of how comment template definitions should look like in TWiki-4.1.X

An example: A CommentPlugin template that adds a comment as appending a row to a table. Before the spec change this would work.

The advantage of the spec change is that now you can add leading and trailing white space including new lines. This was not possible before.

Important Changes since TWiki-4.1.0

New location for session and other temporary files

An upgrader upgrading to 4.1.1 should note the following important change

The directory for passthrough files and session files have been replaced by a common directory for temporary files used by TWiki. Previously the two configure settings {PassthroughDir} and {Sessions}{Dir} were by default set to /tmp. These config settings have been replaced by {TempfileDir} with the default setting value /tmp/twiki. If the twiki directory does not exist twiki will create it first time it needs it.

It is highly recommended no longer to use the tmp directory common to other web applications and the new default will work fine for most. You may want to delete all the old session files in /tmp after the upgrade to 4.1.1. They all start with cgisess_. It is additionally highly recommended to limit write access to the {TempfileDir} for security reasons if you have non-admin users with login access to the webserver just like you would do with the other webserver directories.

NEWTOPICLINKSYMBOL removed

The NEWTOPICLINKSYMBOL preference which was deprecated in 4.1 has now been removed from the code. If you want to control the appearance of new links, you can use NEWLINKFORMAT.

UserForm and NewUserTemplate Customization

When a new user registers on TWiki his user topic is created based on the NewUserTemplate and UserForm.

The NewUserTemplate was located in the TWiki web and the UserForm in the Main web. When upgrading TWiki these were some of the topics you had to take care not to overwrite.

From 4.2.0 the UserForm and NewUserTemplate are distributed in the TWiki web. If you create the two in the Main web the Main web version will be used instead. So if you tailor the user topic format or the form then you should always copy the two files to the Main web and modify the ones in the Main web. When you later upgrade TWiki your tailored template and form will not be overwritten.

TWikiUsers no longer distributed

The Main.TWikiUsers topic contains all the registered users. It is a topic you do not want to overwrite when you upgrade TWiki.

From 4.2.0 this file is no longer included in the TWiki distribution. When you register the first time TWiki creates the Main.TWikiUsers topic in the Main web if it does not exist already. This means that you can now upgrade TWiki without risk of overwriting the important TWikiUsers topic.

For new installers this makes no difference at all

For upgraders this is one less problem to worry about as your important Main.TWikiUsers topic now no longer gets overwritten when upgrading.

New working directory

A new directory working which per default is located in the twiki root, has been introduced which contains:

registration_approvals - with 4.2.0 it is moved to here from the data directory.

tmp - so we now avoid having to fight with special access rights and /tmp directory that gets cleaned out when booting.

work_areas - with 4.2.0 it is moved to here from the pub directory. Configure automatically moved the directory when you upgrade.

Note: Remember to restrict access to this new directory when you upgrade.

The configuration setting {WorkingDir} defines the container directory for temporary files, extensions' work areas, and intermediate registration data. The default is working under your installation root.

Take care for that change if you run your own routine to delete obsolete session files, which will now be found under working/tmp/cgisess*.

New Internal Admin Login

TWiki 4.2 introduces a new Internal Admin Login feature which uses "admin" (configurable) as username and the password used for configure to become temporary administrator. When you do a new installation you need to use this feature as Main.TWikiAdminGroup is now access restricted by default to avoid security attacks during the hours an installation may take. From configure there is a link to the TWikiAdminGroup topic and on TWikiAdminGroup the step by step instructions are written in a yellow box. Our advice is not to remove this help text in case you need it later.

Important Changes since TWiki-5.0.0

New TopMenuSkin

The TopMenuSkin adds pulldown menus for better usability and corporate/modern look&feel. This skin is based on the PatternSkin, which used the WebLeftBar in each web for navigation. The TopMenuSkin has a new WebTopBar that defines the menu structure in each web. A default menu is shown in case WebTopBar is missing in a web, so you do not need to add a WebTopBar topic to all your existing webs. See TopMenuSkin#WebSpecific instructions in case you need a customized menu structure in a specific web.

TWiki User Authentication

TWiki site access control and user activity tracking options

Overview

Authentication, or "login", is the process by which a user lets TWiki know who they are.

Authentication isn't just to do with access control. TWiki uses authentication to identify users, so it can keep track of who made changes, and manage a wide range of personal settings. With authentication enabled, users can personalise TWiki and contribute as recognised individuals, instead of shadows.

TWiki authentication is very flexible, and can either stand alone or integrate with existing authentication schemes. You can set up TWiki to require authentication for every access, or only for changes. Authentication is also essential for access control.

Quick Authentication Test - Use the %USERINFO% variable to return your current identity:

TWiki user authentication is split into four sections; password management, user mapping, user registration, and login management. Password management deals with how users personal data is stored. Registration deals with how new users are added to the wiki. Login management deals with how users log in.

Once a user is logged on, they can be remembered using a Client Session stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again.

TWiki user authentication is configured through the Security Settings pane in the configure interface.

Please note FileAttachments are not protected by TWiki User Authentication.

Password Management

As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the configure interface for more details.

You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.

User Mapping

Often when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly WikiName. Also, an external authentication database may well have user information you want to import to TWiki, such as user groups.

By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support import of groups etc.

User Registration

New user registration uses the password manager to set and change passwords and store email addresses. It is also responsible for the new user verification process. the registration process supports single user registration via the TWikiRegistration page, and bulk user registration via the BulkRegistration page (for admins only).

The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support.

Note: If you are restricting the entire Main web to TWikiGuest, you are required to add TWikiRegistrationAgent to ALLOWWEBCHANGE in your Main/WebPreferences. By doing so, new users are able to register without any errors.

Login Management

Login management controls the way users have to log in. There are three basic options; no login, login via a TWiki login page, and login using the webserver authentication support.

No Login (select none in configure)

Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity.

Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

there is also an EXPERT configure setting {TemplateLogin}{PreventBrowserRememberingPassword} that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage.

Register yourself in the TWikiRegistration topic. Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

At this time TWikiAccessControls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access.

You can create a custom version of the TWikiRegistration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade.

Apache Login (select TWiki::LoginManager::ApacheLogin in configure)

Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver.

The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules such as mod_auth_ldap or mod_auth_mysql you can just plug in directly to them.

The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.

TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName).

The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.

Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.

Use configure to select the TWiki::LoginManager::ApacheLogin login manager.

Use configure to set up TWiki to create the right kind of .htpasswd entries.

Create a .htaccess file in the twiki/bin directory. There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done. If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support) At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access

You can create a custom version of the TWikiRegistration form by copying the default topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade. The default new user template page is in System.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate topic, which will then override the default.

Register yourself in the TWikiRegistration topic. Check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you may have got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

Logons via bin/logon

Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on.

The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked.

Sessions

TWiki uses the CPAN:CGI::Session and CPAN:CGI::Cookie modules to track sessions. These modules are de facto standards for session management among Perl programmers. If you can't use Cookies for any reason, CPAN:CGI::Session also supports session tracking using the client IP address.

You don't have to enable sessions to support logins in TWiki. However it is strongly recommended. TWiki needs some way to remember the fact that you logged in from a particular browser, and it uses sessions to do this. If you don;t enable sessions, TWiki will try hard to remember you, but due to limitations in the browsers it may also forget you (and then suddenly remember you again later!). So for the best user experience, you should enable sessions.

There are a number of TWikiVariables available that you can use to interrogate your current session. You can even add your own session variables to the TWiki cookie. Session variables are referred to as "sticky" variables.

Getting, Setting, and Clearing Session Variables

You can get, set, and clear session variables from within TWiki web pages or by using script parameters. This allows you to use the session as a personal "persistent memory space" that is not lost until the web browser is closed. Also note that if a session variable has the same name as a TWiki preference, the session variables value takes precedence over the TWiki preference. This allows for per-session preferences.

Cookies and Transparent Session IDs

TWiki normally uses cookies to store session information on a client computer. Cookies are a common way to pass session information from client to server. TWiki cookies simply hold a unique session identifier that is used to look up a database of session information on the TWiki server.

For a number of reasons, it may not be possible to use cookies. In this case, TWiki has a fallback mechanism; it will automatically rewrite every internal URL it sees on pages being generated to one that also passes session information.

TWiki Username vs. Login Username

This section applies only if you are using authentication with existing login names (i.e. mapping from login names to WikiNames).

Login Username: When you login to the intranet, you use your existing login username, ex: pthoeny. This name is normally passed to TWiki by the REMOTE_USER environment variable, and used internally. Login Usernames are maintained by your system administrator.

TWiki Username: Your name in WikiNotation, ex: PeterThoeny, is recorded when you register using TWikiRegistration; doing so also generates a personal home page in the Main web.

TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your WikiName as a login name.

NOTE:To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %USERSWEB%.WikiUsername.
This points WikiUsername to the Main web, where user home pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic everywhere but in the Main web.

Changing Passwords

If your {PasswordManager} supports password changing, you can change and reset passwords using forms on regular pages.

Changing E-mail Addresses

If the active {PasswordManager} supports storage and retrieval of user e-mail addresses, you can change your e-mail using a regular page. As shipped, this is true only for the Apache 'htpasswd' password manager.

How to choose an authentication method

One of the key features of TWiki is that it is possible to add HTML to topics. No authentication method is 100% secure on a website where end users can add HTML, as there is always a risk that a malicious user can add code to a topic that gathers user information, such as session IDs. The TWiki developers have been forced to make certain tradeoffs, in the pursuit of efficiency, that may be exploited by a hacker.

This section discusses some of the known risks. You can be sure that any potential hackers have read this section as well!

At one extreme, the most secure method is to use TWiki via SSL (Secure Sockets Layer), with a login manager installed and Client Sessions turned off.

Using TWiki with sessions turned off is a pain, though, as with all the login managers there are occasions where TWiki will forget who you are. The best user experience is achieved with sessions turned on.

As soon as you allow the server to maintain information about a logged-in user, you open a door to potential attacks. There are a variety of ways a malicious user can pervert TWiki to obtain another users session ID, the most common of which is known as a cross-site scripting attack. Once a hacker has an SID they can pretend to be that user.

To help prevent these sorts of attacks, TWiki supports IP matching, which ensures that the IP address of the user requesting a specific session is the same as the IP address of the user who created the session. This works well as long as IP addresses are unique to each client, and as long as the IP address of the client can't be faked.

Session IDs are usually stored by TWiki in cookies, which are stored in the client browser. Cookies work well, but not all environments or users permit cookies to be stored in browsers. So TWiki also supports two other methods of determining the session ID. The first method uses the client IP address to determine the session ID. The second uses a rewriting method that rewrites local URLs in TWiki pages to include the session ID in the URL.

The first method works well as long as IP addresses are unique to each individual client, and client IP addresses can't be faked by a hacker. If IP addresses are unique and can't be faked, it is almost as secure as cookies + IP matching, so it ranks as the fourth most secure method.

If you have to turn IP matching off, and cookies can't be relied on, then you may have to rely on the second method, URL rewriting. This method exposes the session IDs very publicly, so should be regarded as "rather dodgy".

Most TWiki sites don't use SSL, so, as is the case with most sites that don't use SSL, there is always a possibility that a password could be picked out of the aether. Browsers do not encrypt passwords sent over non-SSL links, so using Apache Login is no more secure than Template Login.

Of the two shipped login managers, Apache Login is probably the most useful. It lets you do this sort of thing:
wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting
i.e. pass in a user and password to a request from the command-line. However it doesn't let you log out.

Template Login degrades to url re-writing when you use a client like dillo that does not support cookies. However, you can log out and back in as a different user.

Finally, it would be really neat if someone was to work out how to use certificates to identify users.....

TWiki Access Control

Restricting read and write access to topics and webs, by Users and groups

TWiki Access Control allows you restrict access to single topics and entire webs, by individual user and by user Groups. Access control, combined with TWikiUserAuthentication, lets you easily create and manage an extremely flexible, fine-grained privilege system.

An Important Control Consideration

Open, freeform editing is the essence of WikiCulture - what makes TWiki different and often more effective than other collaboration tools. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less Wiki in the mix. Experience shows that unrestricted write access works very well because:

Peer influence is enough to ensure that only relevant content is posted.

Peer editing - the ability for anyone to rearrange all content on a page - keeps topics focused.

Authentication vs. Access Control

Access control: Restrict access to content based on users and groups once a user is identified.

Users and Groups

Access control is based on the familiar concept of Users and Groups. Users are defined by their WikiNames. They can then be organized in unlimited combinations by inclusion in one or more user Groups. For convenience, Groups can also be included in other Groups.

Managing Users

A user can create an account in TWikiRegistration. The following actions are performed:

WikiName and encrypted password are recorded using the password manager if authentication is enabled.

A confirmation e-mail is sent to the user.

A user home page with the WikiName of the user is created in the Main web.

The default visitor name is TWikiGuest. This is the non-authenticated user.

Managing Groups

The following describes the standard TWiki support for groups. Your local TWiki may have an alternate group mapping manager installed. Check with your TWiki administrator if you are in doubt.

Groups are defined by group topics located in the Main web. To create a new group, visit TWikiGroups and enter the name of the new group ending in Group into the "new group" form field. This will create a new group topic with two important settings:

Set GROUP = < list of Users and/or Groups >

Set ALLOWTOPICCHANGE = < list of Users and/or Groups >

The GROUP setting is a comma-separated list of users and/or other groups. Example:

Set GROUP = Main.SomeUser, Main.OtherUser, Main.SomeGroup

The ALLOWTOPICCHANGE setting defines who is allowed to change the group topic; it is a comma delimited list of users and groups. You typically want to restrict that to the members of the group itself, so it should contain the name of the topic. This prevents users not in the group from editing the topic to give themselves or others access. For example, for the KasabianGroup topic write:

Set ALLOWTOPICCHANGE = Main.KasabianGroup

Note: TWiki has strict formatting rules. Make sure you have three spaces, an asterisk, and an extra space in front of any access control rule.

The Super Admin Group

A number of TWiki functions (for example, renaming webs) are only available to administrators. Administrators are simply users who belong to the SuperAdminGroup. This is a standard user group, the name of which is defined by {SuperAdminGroup} setting in configure. The default name of this group is the TWikiAdminGroup. The system administrator may have chosen a different name for this group if your local TWiki uses an alternate group mapping manager but for simplicity we will use the default name TWikiAdminGroup in the rest of this topic.

You can create new administrators simply by adding them to the TWikiAdminGroup topic. For example,

Set GROUP = Main.ElizabethWindsor, Main.TonyBlair

A member of the Super Admin Group has unrestricted access throughout the TWiki, so only trusted staff should be added to this group.

Restricting Access

You can define who is allowed to read or write to a web or a topic. Note that some plugins may not respect access permissions.

Restricting VIEW blocks viewing and searching of content. When you restric VIEW to a topic or web, this also restricts INCLUDE and Formatted SEARCH from showing the content of the topics.

Note that there is an important distinction between CHANGE access and RENAME access. A user can CHANGE a topic, but thanks to version control their changes cannot be lost (the history of the topic before the change is recorded). However if a topic or web is renamed, that history may be lost. Typically a site will only give RENAME access to administrators and content owners.

Controlling access to a Web

You can define restrictions on who is allowed to view a Foswiki web. You can restrict access to certain webs to selected Users and Groups, by:

authenticating all webs and restricting selected webs: Topic access in all webs is authenticated, and selected webs have restricted access.

authenticating and restricting selected webs only: Provide unrestricted viewing access to open webs, with authentication and restriction only on selected webs.

You can define these settings in the WebPreferences topic, preferable towards the end of the topic:

Set DENYWEBVIEW = < comma-delimited list of Users and Groups >

Set ALLOWWEBVIEW = < comma-delimited list of Users and Groups >

Set DENYWEBCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWWEBCHANGE = < comma-delimited list of Users and Groups >

Set DENYWEBRENAME = < comma-delimited list of Users and Groups >

Set ALLOWWEBRENAME = < comma-delimited list of Users and Groups >

If your site allows hierarchical webs, then access to sub-webs is determined from the access controls of the parent web, plus the access controls in the sub-web. So, if the parent web has ALLOWWEBVIEW set, this will also apply to the subweb. Also note that you will need to ensure that the parent web's FINALPREFERENCES does not include the access control settings listed above. Otherwise you will not be able override the parent web's access control settings in sub-webs.

Creation and renaming of sub-webs is controlled by the WEBCHANGE setting on the parent web (or ROOTCHANGE for root webs). Renaming is additionally restricted by the setting of WEBRENAME in the web itself.

Note: If you restrict access to the Main, make sure to add the TWikiRegistrationAgent so that users can register. Example:

Set ALLOWWEBCHANGE = TWikiAdminGroup, TWikiRegistrationAgent

Note: For Web level access rights Setting any of these settings to an empty value has the same effect as not setting them at all. Please note that the documentation of TWiki 4.0 and earlier versions of TWiki 4.1 did not reflect the actual implementation, e.g. an empty ALLOWWEBVIEW does not prevent anyone from viewing the web, and an an empty DENYWEBVIEW does not allow all to view the web.

Controlling access to a Topic

You can define these settings in any topic, preferable towards the end of the topic:

Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >

Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >

Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >

Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >

Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >

Remember when opening up access to specific topics within a restricted web that other topics in the web - for example, the WebLeftBar - may also be accessed when viewing the topics. The message you get when you are denied access should tell you what topic you were not permitted to access.

Be careful with empty values for any of these.

Set ALLOWTOPICVIEW = This means the same as not setting it at all. (This was documented wrong in versions 4.0.X, 4.1.0 and 4.1.1)

Set DENYTOPICVIEW = Since TWiki 4.0 this means do not deny anyone the right to view this topic. If DENYTOPICVIEW is set to an empty value anyone has access even if ALLOWTOPICVIEW or ALLOWWEBVIEW is defined. This allows to have very restrictive default access rights to an entire web and still allow individual topics to have more open access.

The same rules apply to ALLOWTOPICCHANGE/DENYTOPICCHANGE and APPLYTOPICRENAME/DENYTOPICRENAME. Setting ALLOWTOPICCHANGE or ALLOWTOPICRENAME to en empty value means the same as not defining it. Setting DENYTOPICCHANGE or DENYTOPICRENAME to an empty value means that anyone can edit or rename the topic.

If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

The setting to an empty has caused confusion and great debate and it has been decided that the empty setting syntax will be replaced by something which is easier to understand in a later version of TWiki. A method to upgrade will be provided. Please read the release notes carefully when you upgrade.

See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

Securing File Attachments

By default, TWiki does not secure file attachments. Without making the following changes to the twiki.conf file, it is possible for anyone who has access to the server to gain access to an attachment if they know the attachment's fully qualified path, even though access to the topic associated with the attachment is secured. This is because attachments are referred to directly by Apache, and are not by default delivered via TWiki scripts. This means that the above instructions for controlling to topics do not apply to attachments unless you make the changes as described below.

An effective way to secure attachments is to apply the same access control settings to attachments as those applied to topics. This security enhancement can be accomplished by instructing the webserver via Apache's mod_rewrite module to redirect accesses to attachments via the TWiki viewfile script, which honors the TWiki access controls settings to topics.

The preferred method to secure attachments is by editing the twiki.conf file to include:

Images embedded in topics will load slower since attached images will also be delivered by the viewfile script. The TWiki web and Sandbox web are excluded for performance reasons.

As an alternative to editing the twiki.conf file used by Apache, you can make the same change directly to the .htaccess file in the /twiki/bin directory.

The viewfile script sets the mime type based upon file name suffix. Unknown types are served as text/plain which can result in corrupt files.

Controlling who can manage top-level webs

Top level webs are a special case, because they don't have a parent web with a WebPreferences. So there has to be a special control just for the root level.

You can define these settings in the Main.%TWIKIPREFSTOPIC% topic, preferable towards the end of the topic:

Set DENYROOTCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWROOTCHANGE = < comma-delimited list of Users and Groups >

Note that you do not require ROOTCHANGE access to rename an existing top-level web. You just need WEBCHANGE in the web itself.

How TWiki evaluates ALLOW/DENY settings

When deciding whether to grant access, TWiki evaluates the following rules in order (read from the top of the list; if the logic arrives at PERMITTED or DENIED that applies immediately and no more rules are applied). You need to read the rules bearing in mind that VIEW, CHANGE and RENAME access may be granted/denied separately.

access is PERMITTEDi.e no-one is denied access to this topic.Attention: Use this with caution. This is deprecated and will likely change in the next release.

If ALLOWTOPIC is set

people in the list are PERMITTED

everyone else is DENIED

If DENYWEB is set to a list of wikinames

people in the list are DENIED access

If ALLOWWEB is set to a list of wikinames

people in the list will be PERMITTED

everyone else will be DENIED

If you got this far, access is PERMITTED

Access control and INCLUDE

ALLOWTOPICVIEW and ALLOWTOPICCHANGE only applies to the topic in which the settings are defined. If a topic A includes another topic B, topic A does not inherit the access rights of the included topic B.

Examples: Topic A includes topic B

If the included topic B has ALLOWTOPICCHANGE set to block editing for a user, it does not prevent editing the including topic A.

If the included topic B has ALLOWTOPICVIEW set to block view for a user, the user can still view topic A but he cannot see the included topic B. He will see a message No permission to view B

Access Control quick recipes

Obfuscating Webs

Another way of hiding webs is to keep them hidden by not publishing the URL and by preventing the all webs search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL variable in WebPreferences:

Set NOSEARCHALL = on

This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.

Note: Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.

Restrict Access to Whole TWiki Site

For a firewalled TWiki, e.g. an intranet wiki or extranet wiki, you want to allow only invited people to access your TWiki. In this case, enable user authentication with ApacheLogin and lock down access to the whole twiki/bin and twiki/pub directories to all but valid users. In the Apache .htaccess file or the appropriate .conf file, replace the <FilesMatch "(attach|edit|... section with this:

<FilesMatch ".*">
require valid-user
</FilesMatch>

If needed, you can further restrict access to selected webs with ALLOWWEBVIEW and other access control settings.

Note: With this configuration, someone with access to the site needs to register new users.

Authenticate all Webs and Restrict Selected Webs

Use the following setup to authenticate users for topic viewing in all webs and to restrict access to selected webs. Requires TWikiUserAuthentication to be enabled.

Set require valid-user on your view script in .htaccess or the appropriate Apache .conf file. As of 4.x, this looks like: FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|.*auth).*" (normally view is not in that list).

Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:

Set DENYWEBVIEW = < list of Users and Groups >

Set ALLOWWEBVIEW = < list of Users and Groups >

Note:DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Authenticate and Restrict Selected Webs Only

Use the following setup to provide unrestricted viewing access to open webs, with authentication only on selected webs. Requires TWikiUserAuthentication to be enabled.

Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:

Set DENYWEBVIEW = < list of Users and Groups >

Set ALLOWWEBVIEW = < list of Users and Groups >

Note:DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Hide Control Settings

Tip: To hide access control settings from normal browser viewing, you can put them into the topic preference settings by clicking the link Edit topic preference settings under More topic actions menu. Preferences set in this manner are not visible in the topic text, but take effect nevertheless. Access control settings added as topic preference settings are stored in the topic meta data and they override settings defined in the topic text.

Alternatively, place them in HTML comment markers, but this exposes the access setting during ordinary editing.

TWiki Text Formatting

Working in TWiki is as easy as typing in text. You don't need to know HTML, though you can use it if you prefer. Links to topics are created automatically when you enter WikiWords. And TWiki shorthand gives you all the power of HTML with a simple coding system that takes no time to learn. It's all laid out below.

TWiki Editing Shorthand

Formatting Command:

You write:

You get:

Paragraphs:
Blank lines will create new paragraphs.

1st paragraph
2nd paragraph

1st paragraph

2nd paragraph

Headings:
Three or more dashes at the beginning of a line, followed by plus signs and the heading text. One plus creates a top level heading, two pluses a second level heading, etc. The maximum heading depth is 6.

You can create a table of contents with the %TOC% variable. If you want to exclude a heading from the TOC, put !! after the ---+.

Empty headings are allowed, but won't appear in the table of contents.

---++ Sushi
---+++ Maguro
---+++!! Not in TOC

Sushi

Maguro

Not in TOC

Bold Text:
Words get shown in bold by enclosing them in * asterisks.

*Bold*

Bold

Italic Text:
Words get shown in italic by enclosing them in _ underscores.

_Italic_

Italic

Bold Italic:
Words get shown in bold italic by enclosing them in __ double-underscores.

__Bold italic__

Bold italic

Fixed Font:
Words get shown in fixed font by enclosing them in = equal signs.

You can follow the closing bold, italic, or other (* _ __ = ==) indicator
with normal punctuation, such as commas and full stops.

Make sure there is no space between the text and the indicators.

_This works_,
_this does not _

This works,
_this does not _

Verbatim (Literal) Text:
Surround code excerpts and other formatted text with <verbatim> and </verbatim> tags.verbatim tags disable HTML code. Use <pre> and </pre> tags instead if you want the HTML code within the tags to be interpreted. NOTE: Preferences variables (* Set NAME = value) are set within verbatim tags.

Separator (Horizontal Rule):
Three or more three dashes at the beginning of a line..

-------

Bulleted List:
Multiple of three spaces, an asterisk, and another space. For all the list types, you can break a list item over several lines by indenting lines after the first one by at least 3 spaces.

* level 1
* level 2
* back on 1
* A bullet
broken over
three lines
* last bullet

level 1

level 2

back on 1

A bullet broken over three lines

last bullet

Numbered List:
Multiple of three spaces, a type character, a dot, and another space. Several types are available besides a number:

WikiWord Links:
CapitalizedWordsStuckTogether (or WikiWords) will produce a link automatically if preceded by whitespace or parenthesis. If you want to link to a topic in a different web write Otherweb.TopicName.
To link to a topic in a subweb write Otherweb.Subweb.TopicName. The link label excludes the name of the web, e.g. only the topic name is shown. As an exception, the name of the web is shown for the WebHome topic. Dots '.' are used to separate webs and subwebs from topic names and therefore cannot be used in topic names.

It's generally a good idea to use the TWikiVariables %SYSTEMWEB% and %USERSWEB% instead of TWiki and Main.

Anchors:
You can define a reference inside a TWiki topic (called an anchor name) and link to that. To define an anchor write #AnchorName at the beginning of a line. The anchor name must be a WikiWord of no more than 32 characters. To link to an anchor name use the [[MyTopic#MyAnchor]] syntax. You can omit the topic name if you want to link within the same topic.

Forced Links:
You can create a forced internal link by enclosing words in double square brackets.
Text within the brackets may contain optional spaces; the topic name is formed by capitalizing the initial letter and by removing the spaces; for example, [[text formatting FAQ]] links to topic TextFormattingFAQ. You can also refer to a different web and use anchors.
To "escape" double square brackets that would otherwise make a link, prefix the leading left square bracket with an exclamation point.

Specific Links:
You can create a link where you specify the link text and the URL separately using nested square brackets [[reference][text]]. Internal link references (e.g. WikiSyntax) and URLs (e.g. http://TWiki.org/) are both supported.
The rules described under Forced Links apply for internal link references.
Anchor names can be added as well, to create a link to a specific place in a topic.

Prevent a Link:
Prevent a WikiWord from being linked by prepending it with an exclamation point.

!SunOS

SunOS

Disable Links:
You can disable automatic linking of WikiWords by surrounding text with <noautolink> and </noautolink> tags. It is possible to turn off all auto-linking with a NOAUTOLINK preferences setting.

<noautolink>
RedHat & SuSE
</noautolink>

RedHat & SuSE

Mailto Links:
E-mail addresses are linked automatically. To create e-mail links that have more descriptive link text, specify subject lines or message bodies, or omit the e-mail address, you can write [[mailto:user@domain][descriptive text]].

Literal content:
TWiki generates HTML code from TWiki shorthand.
Experts surround anything that must be output literally in the HTML code, without the application of
TWiki shorthand rules, with <literal>..</literal> tags. any HTML
within literal tags must be well formed i.e. all tags must be properly closed before
the end of the literal block. TWiki Variables are expanded within literal blocks.

<literal>
| Not | A | Table |
<literal>

| Not | A | Table |

Protected content:Experts protect text from mangling by WYSIWYG editors using
<sticky>..</sticky> tags. Sticky tags don't have any effect on normal
topic display; they are only relevant when content has to be
protected from a WYSIWYG editor (usually because it isn't well-formed HTML, or because it
is HTML that WYSIWYG would normally filter out or modify). Protected
content appears as plain text in the WYSIWYG editor.

<sticky>
<div>
This div is required
</div>
</sticky>

This div is required

Using HTML, CSS and JavaScript

You can use most HTML tags in topics without a problem. This is useful where you want to
add some content that is formatted in a way that is not supported using wiki syntax, for example,
you can write <strike>deleted text</strike> to get deleted text.

There are a few usability and technical considerations to keep in mind:

On collaboration pages, it's better not to use HTML, but to use wiki syntax instead - this keeps the text uncluttered and easy to edit using the plaintext editor.

You can also write [[http://yahoo.com Yahoo home page]] as an easier way of doing external links with descriptive text for the link, such as http://yahoo.com/ Yahoo home page.

TWiki Variables

TWiki Variables are names enclosed in percent signs that are that are expanded to some other text when the topic is displayed. For example, %TOPIC% is expanded to TWikiVariablesQuickStart. Some variables can take arguments in curly braces - for example, %INCLUDE{"OtherTopic" ARG="arg"}%.

Many TWiki variables are built-in, and others are predefined for your convenience. TWikiVariables describes how you can also define your own TWiki Variables at the entire site, individual web, or individual topic level. Variables are fully expanded before any of the TWiki text formatting rules are applied.

Commonly used variables:

%TOC% : Automatically generates a table of contents based on headings in a topic - see the top of this page for an example.

%WEB% : The current web, is System.

%TOPIC% : The current topic name, is TWikiVariablesQuickStart.

%ATTACHURL% : The attachment URL of the current topic. Example usage: If you attach a file to a topic you can refer to it as %ATTACHURL%/image.gif to show the URL of the file or the image in your text.

%INCLUDE{"SomeTopic"}% : Server side include, includes another topic. The current web is the default web. Example: %INCLUDE{"System.SiteMap"}%

%SEARCH{"sushi"}% : Inline search showing the search result embedded in a topic. FormattedSearch gives you control over formatting, used to create web-based applications.

Documentation Graphics: There are many graphics available to use in your topics. Use %ICON{"help"}%, %ICON{"tip"}%, and %ICON{"warning"}% to get: , , and , respectively.

Common Editing Errors

TWiki formatting rules are fairly simple to use and quick to type. However, there are some things to watch out for, taken from the TextFormattingFAQ:

Q: Text enclosed in angle brackets like <filename> is not displayed. How can I show it as it is?

A: The '<' and '>' characters have a special meaning in HTML, they define HTML tags. You need to escape them, so write '&lt;' instead of '<', and '&gt;' instead of '>'. Example: Type 'prog &lt;filename&gt;' to get 'prog <filename>'.

TWiki Variables

Special text strings expand on the fly to display user data or system info

TWikiVariables are text strings - %VARIABLE% or %VARIABLE{ parameter="value" }% - that expand into content whenever a topic is rendered for viewing. There are two types of variables:

Preferences variables: Can be defined and changed by the user

Predefined variables: Defined by the TWiki system or by plugins (for example, the SpreadSheetPlugin introduces a %CALC{}% variable)

Using Variables

To use a variable type its name. For example,

type %T% to get (a preferences variable)

type %TOPIC% to get TWikiVariables (a predefined variable)

type %CALC{ "$UPPER(Text)" }% to get TEXT (a variable defined by a plugin)

Note:

To leave a variable unexpanded, precede it with an exclamation point, e.g. type !%TOPIC% to get %TOPIC%

Variables are expanded relative to the topic they are used in, not the topic they are defined in

Type %ALLVARIABLES% to get a full listing of all variables defined for a particular topic

Variable Names

Variable names must start with a letter. The following characters can be letters, numbers and the underscore '_'. You can use both upper-case and lower-case letters and you can mix the characteres. E.g. %MYVAR%, %MyVar%, %My2ndVar%, and %My_Var% are all valid variable names. Variables are case sensitive. %MyVAR% and %MYVAR% are not the same variable.

By convention all settings, predefined variables and variables used by plugins are always UPPER-CASE.

Preferences Variables

Unlike predefined variables, preferences variables can be defined by the user in various places.

Settings at higher-numbered levels override settings of the same variable at lower numbered levels, unless the variable was included in the setting of FINALPREFERENCES at a lower-numbered level, in which case it is locked at the value it has at that level.

If you are setting a variable and using it in the same topic, note that TWiki reads all the variable settings from the saved version of the topic before it displays anything. This means you can use a variable anywhere in the topic, even if you set it somewhere inconspicuous near the end. But beware: it also means that if you change the setting of a variable you are using in the same topic, preview will show the wrong thing, and you must save the topic to see it correctly.

The syntax for setting variables is the same anywhere in TWiki (on its own TWiki bullet line, including nested bullets): [multiple of 3 spaces] * [space] Set [space] VARIABLENAME [space] = [space] value

Examples:

* Set VARIABLENAME1 = value
* Set VARIABLENAME2 = value

Spaces between the = sign and the value will be ignored. You can split a value over several lines by indenting following lines with spaces - as long as you don't try to use * as the first character on the following line.

Example:

* Set VARIABLENAME = value starts here
and continues here

Whatever you include in your variable will be expanded on display, exactly as if it had been entered directly.

Example: Create a custom logo variable

To place a logo anywhere in a web by typing %MYLOGO%, define the Variable on the web's WebPreferences topic, and upload a logo file, ex: mylogo.gif. You can upload by attaching the file to WebPreferences, or, to avoid clutter, to any other topic in the same web, e.g. LogoTopic. Sample variable setting in WebPreferences:

* Set MYLOGO = %PUBURL%/%WEB%/LogoTopic/mylogo.gif

You can also set preferences variables on a topic by clicking the link Edit topic preference settings under More topic actions. Use the same * Set VARIABLENAME = value syntax. Preferences set in this manner are not visible in the topic text, but take effect nevertheless.

Access Control Variables

These are special types of preferences variables to control access to content. TWikiAccessControl explains these security settings in detail.

Local values for variables

Certain topics (a users home topic, web site and default preferences topics) have a problem; variables defined in those topics can have two meanings. For example, consider a user topic. A user may want to use a double-height edit box when they are editing their home topic - but only when editing their home topic. The rest of the time, they want to have a normal edit box. This separation is achieved using Local in place of Set in the variable definition. For example, if the user sets the following in their home topic:

* Set EDITBOXHEIGHT = 10
* Local EDITBOXHEIGHT = 20

Then when they are editing any other topic, they will get a 10 high edit box. However when they are editing their home topic, they will get a 20 high edit box. Local can be used wherever a preference needs to take a different value depending on where the current operation is being performed.

Use this powerful feature with great care! %ALLVARIABLES% can be used to get a listing of the values of all variables in their evaluation order, so you can see variable scope if you get confused.

Predefined Variables

Most predefined variables return values that were either set in the configuration when TWiki was installed, or taken from server info (such as current username, or date and time). Some, like %SEARCH%, are powerful and general tools.

Plugins may extend the set of predefined variables (see individual plugin topics for details)

Take the time to thoroughly read through ALL preference variables. If you actively configure your site, review variables periodically. They cover a wide range of functions, and it can be easy to miss the one perfect variable for something you have in mind. For example, see %INCLUDINGTOPIC%, %INCLUDE%, and the mighty %SEARCH%.

ADDTOZONE -- add content to a named zone on the page

Parameters

comma-separated list of the names of zones that the content should be added to. The only zones guaranteed to exist are head and script

head

id

identifier for the text being added with the ADDTOZONE call, to be used in the requires parameter of other ADDTOZONE calls. Multiple ADDTOZONE calls with the same id parameter will simply overwrite the earlier ADDTOZONE call.

requires

comma separated string of ids of text within this zone that this content should follow when the zone is rendered. The content will be rendered even if a specified id is missing.

text

text to be added to the named zone, mutually exclusive with topic.

topic

full qualified web.topic name that contains the text to be added, mutually exclusive with text.

What is a "Zone"?

Zones are specific places in the output HTML that are marked by calls to the
RENDERZONE macro. Zones are used to collect various content
together, such as Javascript and CSS, that must be included in the output HTML
in a specific order, and in a specific place.

There are two special zones called head and script. The head zone is rendered
as part of the HTML head section. It is the catch-all container for any content supposed
to be placed into the HTML head section, except Javascript, which is collected in the
script zone.

All Javascript must always be added to the script zone exclusively, in order to
grant ordering constraints among scripts are resolved properly. Never add Javascript to
the head zone -- never add non-Javascript content to the script zone.

Both zones are added to the HTML head section automatically just before the
closing </head> tag as if they were specified explicitly in the skin templates using:

<head>
...
%RENDERZONE{"head"}%
%RENDERZONE{"script"}%
</head>

You may create as many zones in addition to the standard head and script
zones as you like. For any non-standard zone specified in
ADDTOZONE you will also need to provide an appropriate
RENDERZONE.

Interesting use cases in wiki applications:

Create a sidebar zone to add widgets,

Create a toolbar zone to add buttons icons

Create a menu zone to add menu entries

Adding content to a zone

ADDTOZONE adds content to a zone identified with the id parameter.
An id identifier is unique within the zone that they are added to.
When the same id is used in multiple calls to ADDTOZONE the
last call will win, that is previous content of the same id will be overwritten.

Enforcing a linear order of content within a zone

An ADDTOZONE call may ensure that its content appears after the
content of some other ADDTOZONE calls by specifying their ids in
the requires parameter. The requires parameter constraints the linear order
of content added to a zone. When a zone is rendered, all ordering constraints
expressed via requires are satisfied. Those ids not found in a zone don't
have any influence on the final ordering. Missing ids aren't considered an error
rather than an over-specified ordering problem.

Working with {MergeHeadAndScriptZones} disabled (default)

In this mode, the head and script zones are treated separately.

Even when head and script zones are treated separately, the head zone will
always be rendered before the script zone, unless otherwise specified using RENDERZONE explicitly.
So any content in the script zone that depends on content placed into
the head zone is satisfied intrinsicly as they are both rendered as specified above.

Working with {MergeHeadAndScriptZones} enabled

In this mode, the head and script zones are separate when adding to them,
but may be treated as merged when you call RENDERZONE if
there are any dependencies specified that only exist in the opposite zone. This
allows an ADDTOZONE{"head"...} to to successfully require an id that has
been added to script.

{MergeHeadAndScriptZones} is provided to
maintain compatibility with legacy extensions that use
ADDTOHEAD to add <script> markup and require content
that is now in the script zone. {MergeHeadAndScriptZones} will be removed
from a future version of Foswiki.

Examples

Adding to a zone with missing dependencies

You must ensure that no head content (and no inline Javascript) depends on
script content. Any such dependency will be ignored.

In real world application this isn't a problem as Javascript is never added
to the head zone or Javascript zone part of the script zone never really
depends on non-Javascript content part of the head zone.

HTML comment decoration which normally appears after each id's
content in the rendered HTML will contain a small informative text to aid
debugging.

Adding Javascript to a page

Make sure that all inline Javascript code in the topic (if it is allowed)
is added to the page using %ADDTOZONE{"script"...requires="library-id"}%
with the appropriate library-id to guarantee a correct load order. For example, jQuery code should be added as follows:

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

ATTACHURL -- full URL for attachments in the current topic

Shorthand for PUBURL, with path set to the current topic. Otherwise supports all the same parameters as PUBURL.

ATTACHURLPATH -- path of the attachment URL of the current topic

Shorthand for PUBURLPATH with path set to the current topic. Otherwise supports all the same parameters as PUBURLPATH.

AUTHREALM -- authentication realm

String defined as the {AuthRealm} expert option in configureSecurity And Authentication tab, =Login sub-tab.. This is used in certain password encodings, and in login templates as part of the login prompt.

Examples

%AUTHREALM% expands to Enter your WikiName. (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.

BASETOPIC -- base topic where an INCLUDE started

The name of the topic where a single or nested INCLUDE started - same as %TOPIC% if there is no INCLUDE.
This is the name of the topic requested by the user.

BASEWEB -- base web where an INCLUDE started

The web name where the includes started, e.g. the web of the first topic of nested includes. Same as %WEB% in case there is no include. This is the name of the web requested by the user.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Examples

Note: BUTTONS are floating to the left by default. Take care to add a %CLEAR% after the %BUTTON{...}% so that further content does not overlap with the button.

CALC -- add spreadsheet calculations to tables and outside tables

The %CALC{"formula"}% macro is handled by the SpreadSheetPlugin. There are around 90 formulae, such as $ABS(), $EXACT(), $EXISTS(), $GET()/$SET(), $IF(), $LOG(), $LOWER(), $PERCENTILE(), $TIME(), $VALUE().

This macro is specifically for manipulating data in tables, and so is evaluated after the normal Macro expansion order. If you need a standard ordered evaluation see CALCULATE

Examples

%CALC{"$SUM($ABOVE())"}% returns the sum of all cells above the current cell

The %CALCULATE{"formula"}% macro is handled by the SpreadSheetPlugin. There are around 90 formulae, such as $ABS(), $EXACT(), $EXISTS(), $GET()/$SET(), $IF(), $LOG(), $LOWER(), $PERCENTILE(), $TIME(), $VALUE(). This macro is uses the normal (left to right, inside out) Macro expansion order. If you need to evaluate after expanding table data, see CALC

COMMENT -- insert an edit box into the topic to easily add comments.

Parameters

The following standard attributes are recognized

Name

Description

Default

type

This is the name of the template to use for this comment. Comment templates are defined in a Foswiki template - see Customisation, below. If this attribute is not defined, the type is whatever is defined by COMMENTPLUGIN_DEFAULT_TYPEpreference setting.

below

default

Default text to put into the prompt.

target

Name of the topic to add the comment to

the current topic

mode

For compatibility with older versions only, synonymous with type

nonotify

Set to "on" to disable change notification for target topics

off

noform

Set to "on" to disable the automatic form that is generated around your comment prompt if you don't provide a FORM template. See CommentPluginExamples:noform for an example.

off

nopost

Set to "on" to disable insertion of the posted text into the topic.

off

remove

Set to "on" to remove the comment prompt after the first time it is clicked.

off

button

Button label text

Add comment

Examples

A %COMMENT% without parameters shows a simple text box.

COVER -- current skin cover

Extends the skin search path. For instance, if SKIN is set to catskin, bearskin, and COVER is set to ruskin, the skin search path becomes ruskin, catskin, bearskin.

The COVER setting can be overridden using the URL parameter cover, such as ?cover=ruskin

Examples

%COVER% currently expands to %COVER% (it will only expand when a cover is actually set)

EDITACTION -- Selects an edit template

EDITACTION defined in a topic or preference setting will define the use of an editaction template instead of the standard edit. If EDITACTION is defined as text, then hide the form. If EDITACTION is defined as form hide the normal text area and only edit the form.

When EDITACTION is defined as text or form the Edit and Edit Raw buttons simply add ;action=text or ;action=form to the URL for the edit script. If you have defined EDITACTION in a topic setting or preference setting you can still edit the topic content or the form by removing the ;action=form or ;action=text from the edit URL in the browser and reload.

Rows can be added and removed if "on" Rows can be added but not removed if "add" Rows cannot be added or removed if "off"

CHANGEROWS plugin setting

editbutton

Set edit button text, e.g. "Edit this table"; set button image with alt text, e.g. "Edit table, %PUBURL%/%SYSTEMWEB%/DocumentGraphics/edittopic.gif"; hide edit button at the end of the table with "hide" (Note: Button is automatically hidden if an edit button is present in a cell)

EDITBUTTON plugin setting

format

The format of one column when editing the table. A cell can be a text input field, or any of these edit field types:

Specify the header format of a new table like "|*Food*|*Drink*|". Useful to start a table with only a button

(no header)

headerislabel

Table header cells are read-only (labels) if "on"; header cells can be edited if "off" or "0"

"on"

helptopic

Topic name containing help text shown below the table when editing a table. The %STARTINCLUDE% and %STOPINCLUDE% macros can be used in the topic to specify what is shown.

(no help text)

include

Other topic defining the EDITTABLE parameters. The first %EDITTABLE% in the topic is used. This is useful if you have many topics with the same table format and you want to update the format in one place. Use topic or web.topic notation.

(none)

javascriptinterface

Use javascript to directly move and delete row without page refresh. Enable with "on", disable with "off".

ENCODE -- encode characters in a string

Encode character sequences in "string", by mapping characters (or sequences of characters) to an alternative character (or sequence of characters). This macro can be used to encode strings for use in URLs, to encode to HTML entities, to protect quotes, and for as many other uses as you can imagine.

Parameters

Parameter

Description

Default

"string"

String to encode

"" (empty string)

type

Use a predefined encoding (see below).

Default is 'url'. Parameter type not be used if old or new are given.

old

Comma-separated list of tokens to replace. Tokens are normally single characters, but can also be sequences of characters. The standard format tokens may be used in this list. Each token must be unique - you cannot list the same token twice.

May not be used with type; required if new is used

new

comma-separated list of replacement tokens. The elements in this list match 1:1 with the elements in the old list. Again, the standard format tokens may be used. An empty element in the new list will result in the corresponding token in the old list being deleted from the string. If the new list is shorter than the old list it will be extended to the same length using the empty element. Tokens do not have to be unique.

When using old and new, be aware that the results of applying earlier tokens are not processed again using later tokens. (see examples below)

May not be used with type; required if old is used

If ENCODE is called with no optional parameters (e.g. %ENCODE{"string"}%) then the default type="url" encoding will be used.

ENCODE can be used to filter user input from URL parameters and similar to help protect against cross-site scripting. The safest approach is to use type="entity". This can however prevent an application from fully working. You can alternatively use type="safe" which encodes only the characters '"<>% into HTML entities. When ENCODE is passing a string inside another macro always use double quotes ("") type="quote". For maximum protection against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.

Double quotes in strings must be escaped when passed into other macros. Example:

Note:%<color>BG% section must end with %ENDBG%. If you want to switch from one background color to another one you first need to end the active background color with %ENDBG%, such as %REDBG% some text %ENDBG% %GREENBG% more text %ENDBG%.

Examples

ENDINCLUDE -- end position of topic text if included

If present in included topic, stop to include text at this location and ignore the remaining text. A normal view of the topic shows everyting exept the %STOPINCLUDE% macro itself.

ENDSECTION -- marks the end of a named section within a topic

If the STARTSECTION is named, the corresponding ENDSECTION must also be named with the same name. If the STARTSECTION specifies a type, then the corresponding ENDSECTION must also specify the same type. If the section is unnamed, ENDSECTION will match with the nearest unnamed %STARTSECTION%of the same type above it.

ENDTABPANE -- ending tag for tabpane widget

ENDTWISTY -- complements an opening TWISTY tag to close a twisty

ENDTWISTYTOGGLE -- Twisty closure

Will end the most inner unclosed Twisty Toggle section, using the proper tag

Examples

%ENDTWISTYTOGGLE%

ENV -- inspect the value of an environment variable

Returns the current value of the environment variable in the CGI (Common Gateway Interface) environment. This is the environment that the CommandAndCGIScripts are running in.

If an environment variable is undefined (as against being set to the empty string) it will be returned as not set.

Note: For security reasons, only those environment variables whose names match the regular expression in the configuration setting {AccessibleENV} (in the Security Settings/Miscellaneous section of configure) can be displayed. Any other variable will just be shown as an empty string, irrespective of its real value.

Parameters

Examples

EXPAND -- expand macros in a string as if they were used in another topic

The viewer must have VIEW access to topictoexpandin for this to work. All the standard formatting macros can be used in expression, such as $percent and $quot.

Parameters

Parameter

Description

Default

"text"

Text to expand. Note that %-signs must be escaped using $percent, or they will be expanded in the context of the calling topic

scope

Scope to expand the topic in. This is the name of a topic. You can use Web.Topic syntax to refer to a topic in another web

%TOPIC%

Examples

EXPAND can be useful when you want to pick up the value of macros defined in another topic. For example, you might want to define a set of preferences in one topic, but pick up their value in another topic (this is very useful when building reusable applications). In this case you can write:

* Set MYPREFERENCE = value

in "SettingsTopic" and then, in "MyTopic", write:

%EXPAND{"$percentMYPREFERENCE$percent" scope="SettingsTopic"}%

Of course we can also write:

%EXPAND{"$percentMYPREFERENCE$percent" scope="%OTHERTOPIC%"}%

which lets us select which other topic to get the preference value from.

Additional parameters can be passed to the macro being expanded using the standard macro syntax in the name of the macro; for example,

If type="string" then the comma separated list is treated as a list of
strings. In this case, the format tokens $index and $item will return
the position of the item in the list (1-based), and the item itself,
respectively. Note that a comma can be embedded in the data using the standard
formatting token $comma.

The FORMAT macro is currently only of use in formatting lists of topics,
or of simple strings. It will be extended in future releases to add the
capability to render other object types.

Text shown if the field is defined in the topic, but the field value is empty. For example, a text field for which all the content has been deleted.

alttext

Text shown if the field is not defined in the topic (even if it is specified in the form definition). For example, this is used when a field exists in the form definition, but the referring topic hasn't been edited since it was added.

rev="n"

Specify a revision of the topic. If not specified, defaults to the most recent rev (or the viewed rev if viewing an old rev of the same topic)

Tokens expanded in format:

$value expands to the raw field value

$value(display) is the form field value after mapping the stored value to the display value (use with +values form fields). If the field type does not support value mapping, renders the same as $value

$name is the field name

$title expands to the field title

$formname gives the name of the form the field is in. $form is maintained for compatibility, but is deprecated

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

If set, and there are no Groups or Members that can be shown, the header and footer are suppressed, and this text is output

undefined

show

filter the output list of Groups - can be set to all, allowschange, denychange, allowschange(UserWikiName), denychange(UserWikiName)

all

expand

Set false if users should not be expanded from nested groups. Default behavior is to expand all nested groups into a flat list of users.

1

limit

If set, limits the number of results to this

∞

limited

If limit is set, and the list is truncated, this text will be added at the end of the list

Note: GROUPINFO will not list members that are hidden from the current authenticated user. If the current user does not have VIEW authority for a user's topic, then the user will not be shown as a group member.

HISTORY -- control attributes of tables and sorting of table columns

Parameters

Format of one line, may include any variable which is supported by macro REVINFO

r$rev - $date - $wikiusername

topic

Topic name, can be in web.topic format

current topic

web

Web name

current web

versions

Number or range (format: from..to). Examples: To get version 2, write: versions="2" To get version 2 to 3, write: versions="2..3" To get version 2 to the latest, write: versions="2.." To get all versions up to version 5, write: versions="..5" To get all versions up to but not including the latest, write: versions="..-1" To get the versions from 1 to 5 in reverse order, write: versions="5..1"

all versions in the order latest to first

header

Text to print before the list. May contain the tokens $next and $previous which will be evaluated if there are newer or older revisions available for the topic that are not listed according to versions (or rev1, rev2, nrev). These tokens take the syntax $next{'some text' url='url'} (the same for $previous). 'some text' is the text which should be printed, 'url' is the url for the corresponding link. The tokens $rev1, $rev2, $nrev in 'text' or 'url' will be replaced by appropriate values for the next or previous block of revisions. See the attached oopshistory.tmpl for an example of how to use this.

$next

footer="text"

Text to print after the list. May contain the tokens $next and $previous (see header)

$previous

Deprecated (but supported) parameters:

Parameter

Description

Default

nrev

Number of revisions to show. Ignored if versions is specified, or if both rev1 and rev2 are specified.

10

rev2

Newest revision to show

rev1+nrev if rev1 is specified, latest revision otherwise

rev1

Oldest revision to show

rev2-nrev

reverse

Show newest revisions first, if on

"on"

Additional macros

The following macros are expanded only if there is a corresponding %HISTORY% on the page. If more than one %HISTORY% is used on the same page, the values from the last one will be used.

I -- idea icon

ICON -- small documentation graphic or icon of common attachment types

Generates a small graphic image from the set attached to DocumentGraphics.
Images typically have a 16x16 pixel size.
You can select a specific image by name, or you can give a full filename, in which case the type of the file will be used to select one of a collection of common file type icons.
If you specify an icon which cannot be found, the one specified in the default parameter will be used (and if that fails, the else icon will be used)

If you find that ICON is producing broken HTML when it is used in another macro e.g. for formatting search results, then this may be because it is
using the wrong kind of quotes for the context. In this case you can control the quotes it uses using the quote parameter. For example

%ICON{"pdf" quote="'"}%

You can also use formatting tokens such as $quot and $dollar in quote.

ICONURL -- URL of small documentation graphic or icon

Generates the full URL of a DocumentGraphics image, which Foswiki renders as an image.
The related %ICON{"name"}% generates the full HTML img tag.
Specify image name or full filename (see ICON for details on filenames.)

Examples

%IF{"defined FUNFACTOR"
then="FUNFACTOR is defined"
else="FUNFACTOR is not defined"
}%

renders as

FUNFACTOR is not defined

INCLUDE -- include another topic, or subsection of a topic, or a URL, or Foswiki embedded documentation

(Including a topic) Parameters

Parameter:

Description:

Default:

"SomeTopic"

The name of a topic located in the current web, i.e. %INCLUDE{"WebNotify"}%

"Web.Topic"

A topic in another web, i.e. %INCLUDE{"System.SiteMap"}%

"Web.Topic, SomeOtherTopic, System.OrOtherTopic"

A list of topics - INCLUDE will include the first topic that exists and the user has permission to VIEW. If a section is also specified, it will use the first topic that has that section defined in it.

Adds the given offset to any HTML headings generated in the included text. Works on headings defined by HTML tags as well as headings defined using foswiki markup.

0

section

Includes only the specified named section, as defined in the included topic by the [VarSTARTSECTION][STARTSECTION{"name" type="section"} ]] and [VarENDSECTION][ENDSECTION{"name" type="section"}]] macros. Nothing is shown if the named section does not exists. section="" is equivalent to not specifying a section

Any other parameter will be defined as a macro within the scope of the included topic. The example parameters on the left will result in %PARONE% and %PARTWO% being defined within the included topic.

When a page is included, normally Foswiki will process it, doing the following: 1) Alter relative links to point back to originating host, 2) Remove some basic HTML tags (html, head, body, script) and finally 3) Remove newlines from HTML tags spanning multiple lines. If you prefer to include exactly what is in the source of the originating page set this to on. raw="on" is short for disableremoveheaders="on", disableremovescript="on", disableremovebody="on", disablecompresstags="on" and disablerewriteurls="on".

disabled

literal

While using the raw option will indeed include the raw content, the included content will still be processed and rendered like regular topic content. To disable parsing of the included content, set the literal option to "on".

off

disableremoveheaders

Bypass stripping headers from included HTML (everything until first </head> tag)

off

disableremovescript

Bypass stripping all <script> tags from included HTML

off

disableremovebody

Bypass stripping the </body> tag and everything around over and below it

INCLUDINGTOPIC -- name of topic that includes current topic

The name of the topic that includes the current topic - same as %TOPIC% in case there is no include.
If a topic is used in a chain of INCLUDEs, INCLUDINGTOPIC is set to the topic directly INCLUDing this one, NOT the topic that has been requested by the user (which is given by BASETOPIC)

Be careful of the subtle difference between INCLUDINGTOPIC and BASETOPIC. You probably should be using BASETOPIC

INCLUDINGWEB -- web that includes current topic

The web name of the topic that includes the current topic - same as %WEB% if there is no INCLUDE.
If a topic is used in a chain of INCLUDEs, INCLUDINGWEB is set to the topic directly INCLUDing this one, NOT the web that has been requested by the user (which is given by BASEWEB)

Be careful of the subtle difference between INCLUDINGWEB and BASEWEB. You probably should be using BASEWEB

JQICONPATH -- render the url path to an image icon

This is a shortcut for:

%JQICON{"name" format="$iconPath"}%

Note that this macro only makes sense for image icons, those that refer to a single image file. It does not work for font icons such as those defined in JQueryFontAwesome.
This web font holds all icons in one large font file and as such cannot be refered to individually by means of their url path the same way as images can.

JQREQUIRE -- enable a plugin on the current page

This macro will load a list of plugins to be added to the current page. Use JQPLUGINS to display
the list of available and active plugins. While loading a plugin, additional plugins it may depend on are loaded as well.
Information about these dependencies is stored within the plugins themselves and can't be changed. Dependencies also make
sure the javascript code is added to the html page in the right order. It uses ADDTOZONE
to aggregate javascript and css at the right place on the html page.

in case of an error JQREQUIRE will produce an inline HTML error message.

Parameters

Parameter

Description

Default

"plugin,plugin,plugin"

comma-separated list of plugins to be loaded

warn

(on/off) allows you to switch off warnings when a plugin was not found

JQTABPANE -- start a JQuery tab pane

Create nice looking horizontal tab panes in TWiki topics. Write a sequence of %JQTAB{"..."}% and %JQENDTAB% pairs, and enclose them in %JQTABPANE% and %JQENDTABPANE%. Tab panes can be nested, e.g. within one tab you can add another tab pane. These variable are handled by the JQueryPlugin.

JQTHEME -- switch jQuery UI theme

Foswiki's default UI theme is configured in $Foswiki::cfg{JQueryPlugin}{JQueryTheme} and defaults to foswiki.
Use configure to change this site wide. Use JQTHEME if you decide to use a different
theme on the current page.

Some Foswiki skins may come with their own jQuery UI matching the overall user experience of the web design.

in case of an error JQTHEME will produce an inline HTML error message.

Parameters

Parameter

Description

Default

"name"

name of theme: JQueryPlugin knows the following themes base, lightness, redmod, smoothness; additional themes maybe created using the themeroller and installed to /foswiki/pub/System/JQueryPlugin/$name

foswiki

warn

(on/off) allows you to switch off warnings when a theme was not found

on

LANG -- the language specified by the server locale

This macro is used to generate the lang (and xml:lang) attribute in generated HTML pages. If {UseLocale} is enabled, it is calculated from the configure Internationalization tab -> Locale sub-tab setting of {Site}{Locale}. Otherwise it defaults to en (English).

Examples

%LANG% expands to en

LANGUAGE -- language code for the current user

Returns the language code for the current user. This is the language used by Foswiki to generate the user interface.
The language is detected from the user's browser, unless some site/web/user/session-defined preference setting overrides it.

If a LANGUAGE preference is explicitly set, this will be used as the user language instead of any language detected from the browser.

Avoid defining LANGUAGE in a non- per-user way, otherwise users will not be able to choose their preferred language.

Examples

%LANGUAGE% expands to en

LANGUAGES -- list available languages

List the languages available (as PO files).
These are the languages in which the user interface is available.

Parameters

Parameter

Description

Default

format

format for each item. See below for format tokens available in the format string.

" * $langname"

separator

separator between items.

"\n" (newline) Note: The standard format tokens can also be used here.

marker

Text for $marker if the item matches selection

"selected"

selection

Current language to be selected in list

(none)

format tokens: (In addition to these tokens, the standard format tokens can also be used)

Token

Meaning

$langname

language's name, as informed by the translators

$langtag

language's tag. Ex: en, pt-br, etc.

$marker

Marker will be substituted only when the item matches the selection.

Examples

%LANGUAGES% expands to * English

<select>%LANGUAGES{format="<option $marker value='$langtag'>$langname</option>" selection="%LANGUAGE%"}%</select> creates an option list of the available languages with the current language selected

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

MAINWEB -- deprecated synonym for USERSWEB

MAKETEXT -- creates text using Foswiki's I18N infrastructure

Strings captured in the MAKETEXT macro are automatically mapped to the
current user's selected language via locale/*.po translation files.

Parameters

Parameter

Description

Default

"text"string="text"

The text to be displayed (the translatable string).

args

a comma-separated list of arguments to be interpolated in the string, replacing [_N] placeholders in it.

Examples

%MAKETEXT{string="Edit"}% expands to Edit

%MAKETEXT{"If you have any questions, please contact [_1]." args="%WIKIWEBMASTER%"}% expands to If you have any questions, please contact jlee@unist.ac.kr.

%MAKETEXT{"Did you want to [[[_1]][reset [_2]'s password]]?" args="%SYSTEMWEB%.ResetPassword,%WIKIUSERNAME%"}% expands to Did you want to reset Main.WikiGuest's password?

Notes

[_n] brackets are validated to a positive integer from 1 to 100.

Missing arguments are replaced with an empty string ''.

An ampersand (&) followed by one ascii alphabetic character (a...z, A...Z) in the translatable string will be expanded to an access key string. For example, &X will expand to <span class='foswikiAccessKey'>X</span>. If you want to write an actual ampersand, either follow it with a non-alphabetic character or write two consecutive ampersands (&&).

Translatable strings starting with underscores (_) are reserved. You cannot use translatable phrases starting with an underscore.

Make sure that the translatable string is constant. Do not include %MACROS% inside the translatable strings as they will be expanded before the %MAKETEXT{...}% itself is handled. You can, however, use macros in the args, as shown in the examples above.

The string will be output in English if no mapping can be found in the .po translation file for the current user's selected language.

Plurals

The %MAKETEXT macro also supports a limited subset of the quant style bracket notation:

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Related

METASEARCH -- special search of meta data

METASEARCH is deprecated in favour of the new and much more powerful query type search. See SEARCH and QuerySearch.

Parameters

Parameter:

Description:

Default:

type="topicmoved"

What sort of search is required? "topicmoved" if search for a topic that may have been moved "parent" if searching for topics that have a specific parent i.e. its children "field" if searching for topics that have a particular form field value (use the name and value parameters to specify which field to search).

Required

web="%WEB%"

Wiki web to search: A web, a list of webs separated by whitespace, or all webs.

Current web

topic="%TOPIC%"

The topic the search relates to, for topicmoved and parent searches

All topics in a web

!| name | form field to search, for field type searches. May be a regular expression (see SEARCH). | |
!| value | form field value, for field type searches. May be a regular expression (see SEARCH). | |

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Also supports topic_version and attachment_version parameters. These can be used with advanced store implementations to select specific attachment versions. However simple file-based stores do not normally support them.

The 'old' way of building URLs using PUBURL involved concatenating the web and topic names to the PUBURL e.g. %PUBURL%/Main/SystemFeatures. This practice is strongly discouraged, as it does not correctly handle encoding of the parts of the URL. At the first opportunity you should replace all such URLs with the equivalent %PUBURL%{topic="System.MainFeatures"}%, which will handle URL encoding for you.

ATTACHURL provides a shorter way to refer to the attachments on the current topic.

PUBURLPATH -- generate a relative URL for an attachment

Generate a relative URL for an attachment, or for a web or topic within the attachment database.

Also supports topic_version and attachment_version parameters. These can be used with advanced store implements to select specific attachment versions. However simple file-based stores do not normally support them.

This macro will only generate a relative URL if the store supports them, and the context allows it. Otherwise it will generate the same as PUBURL

The 'old' way of building URLs using PUBURLPATHPATH involved concatenating the web and topic names to the PUBURLPATH e.g. %PUBURLPATH%/%WEB%/%TOPIC%. This practice is strongly discouraged, as it does not correctly handle encoding of the parts of the URL. At the first opportunity you should replace all such URLs with the equivalent %PUBURLPATH%{topic="System.MainFeatures"}%, which will handle URL encoding for you.

ATTACHURLPATH provides a shorter way to refer to the attachments on the current topic.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Parameters

operate on the given version of the current topic. Note that this will only affect simple queries that refer to the current topic, such as form.name. More complex queries that use searches or indirection to refer to other topics always use the latest version of those topics.

Examples

Get the name of the form in the current topic:
%QUERY{"form.name"}%
Get the value of the 'Firstname' form field in
the current topic:
%QUERY{"fields[name='Firstname'].value"}%
Get the value of the 'Firstname' form field in
the current topic (shorthand version):
%QUERY{"Firstname"}%
Get a list of all the names of attachments on
the topic 'System.DocumentGraphics':
%QUERY{"'System.DocumentGraphics'/attachments.name"}%
Get configuration setting {NameFilter}:
%QUERY{"{NameFilter}"}%
List all the installed DataForm field types {FormTypes}:
%QUERY{"{FormTypes}[].types"}%

Plain strings (such as field values) are returned without quotes. Simple arrays of scalars are also returned without quotes, in a comma-separated list (beware of values that contain commas!).

More complex data structures (e.g. arrays of hashes) will only be returned if style="perl" or style="json" are set - else will return a string containing 'undef'.

You can make the macro generate different output formats using the style parameter:

QUERYPARAMS -- show parameters to the query

Expands the parameters to the query that was used to display the page.

Parameters

Parameter:

Description:

Default:

format

Format string for each entry

$name=$value

separator

Separator string

$n (newline)

encoding

Control how special characters are encoded. If this parameter is not given, safe encoding is performed which HTML entity encodes the characters '"<>%. entity - Encode special characters into HTML entities, like a double quote into &#034;. Does not encode \n or \r. safe - Encode characters '"<>% into HTML entities. (this is the default) html - As type="entity" except it also encodes \n and \rquotes - Escape double quotes with backslashes (\"), does not change other characters url - Encode special characters for URL parameter use, like a double quote into %22

safe

The following tokens are expanded in the format string:

Token

Expands To

$name

Name of the parameter

$value

String value of the parameter. Multi-valued parameters will have a "row" for each value.

Examples

Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.

QUERYSTRING -- full, unprocessed string of parameters to this URL

String of all the URL parameters that were on the URL used to get to the current page. For example, if you add ?name=Samantha;age=24;eyes=blue to this URL you can see this in action. This string can be appended to a URL to pass parameter values on to another page.

URLs built this way are typically restricted in length, typically to 2048 characters. If you need more space than this, you will need to use an HTML form and =%QUERYPARAMS%=

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

REMOTE_ADDR -- environment variable

Examples

%REMOTE_ADDR% expands to 35.171.146.16

REMOTE_PORT -- environment variable

Examples

%REMOTE_PORT% expands to

REMOTE_USER -- environment variable

Examples

%REMOTE_USER% expands to

Displays the user identity established by the Web Server. Not available when using Template Autentication. The REMOTE_USER variable only expands when the active script is configured to Require valid-user in the Apache configuration. Eg. If your site uses Apache authentication and allows guest access, view this page with bin/view and bin/viewauth to see the effect.

header and footer are not output if there is no content in the
zone (nothing has been ADDTOZONEd ). However they are output if the
output is the empty string (at least one ADDTOZONE has been processed).

Zones are cleared after being rendered; they are only ever rendered once.

head and script are automatic zones. They don't require a
corresponding RENDERZONE anywhere in the templates - they are
automatically inserted before the </head> tag in the output HTML
page.

Normally, dependencies between individual ADDTOZONE statements are
resolved within each zone. However, if {MergeHeadAndScriptZones} is
enabled in configure, then head
content which requires an id that only exists in script will be re-ordered
to satisfy this dependency. {MergeHeadAndScriptZones} will be
removed from a future version of Foswiki.

REVARG -- &rev=n parameter of current request

%REVARG% If a topic revision is requested in the URL, it returns the revision of the current topic suitable for concatenation to the view query parameters. Otherwise returns an empty string.

In most cases you should use SCRIPTURLPATH instead, as it works much better with URL rewriting

The edit script should always be used in conjunction a t="%GMTIME{"$epoch"}%" parameter to ensure pages about to be edited are not cached in the browser

The 'old' way of building URLs using SCRIPTURL involved concatenating the web and topic names to the SCRIPTURL e.g. %SCRIPTURL{"script"}%/Cartoons/EvilMonkey. This practice is strongly discouraged, as it does not correctly handle encoding of the parts of the URL. At the first opportunity you should replace all such URLs with the equivalent %SCRIPTURL%{"script" topic="Cartoons.EvilMonkey"}%, which will handle URL encoding for you.

SCRIPTURL{"script"} -- URL of TWiki script

Syntax: %SCRIPTURL{"script"}%

Expands to: https://ecl.unist.ac.kr/foswiki/bin/script

Example: To get the authenticated version of the current topic you can write %SCRIPTURL{"viewauth"}%/%WEB%/%TOPIC% which expands to https://ecl.unist.ac.kr/foswiki/bin/viewauth/System/TWikiVariables

Example: How to link to another topic with a URL parameter: [[%SCRIPTURL{view}%/%WEB%/MyQuery?food=sushi][Sushi]]

Note: In most cases you should use %SCRIPTURLPATH{"script"}% instead, as it works with URL rewriting much better

The edit script should always be used in conjunction with a t="%GMTIME{"$epoch"}%" parameter to ensure pages about to be edited are not cached in the browser

See SCRIPTURL if you expect to need the protocol and host e.g. if you are saving the HTML of the page and using it on a different host.

The 'old' way of building URLs using SCRIPTURLPATH involved concatenating the web and topic names to the SCRIPTURLPATH e.g. %SCRIPTURLPATH{"script"}%/Cartoons/EvilMonkey. This practice is strongly discouraged, as it does not correctly handle encoding of the parts of the URL. At the first opportunity you should replace such URLs with the equivalent %SCRIPTURLPATH%{"script" topic="Cartoons.EvilMonkey"}%, which will handle URL encoding for you.

SCRIPTURLPATH{"script"} -- URL path of TWiki script

As %SCRIPTURL{"script"}%, but doesn't include the protocol and host part of the URL

SEARCH -- search content

Parameters

Parameter

Description

Default:

"text"search="text"

Search term. Is a keyword search, literal search, regular expression search, or query, depending on the type parameter. SearchHelp has more

required

web

Comma-separated list of webs to search. e.g. web="Main, Know"web="all" The special word all means all webs that do not have the NOSEARCHALL preference set to on in their WebPreferences. You can specifically exclude webs from an all search using a minus sign - for example, web="all,-Secretweb". Caution: The "all,-Secretweb" syntax does not exclude subwebs of the excluded web. It applies to only a single web. See Foswikitask:Item8893AccessControls are respected when searching webs; it is much better to use them than NOSEARCHALL. Wildcards are not currently supported for web names.

Current web

topic

Limit search to topics e.g. topic="WebPreferences"topic="*Bug"topic="MyTopic,YourTopic" A topic, a topic with asterisk wildcards, or a list of topics separated by comma. Note this is a list of topic names and must not include web names. Adding a topic restriction to a search can greatly improve the search performance.

All topics in a web

excludetopic

Exclude topics from search e.g. excludetopic="Web*"excludetopic="WebHome, WebChanges" A topic, a topic with asterisk wildcards, or a list of topics separated by comma.Note this is a list of topic names and must not include web names.

scope

Search topic name ("title"); the body ("text") of the topic; or title and body ("all")

text

type

Control how the search is performed when scope="text" or scope="all""keyword" - use Google-like controls as in soap "web service" -shampoo; searches word parts: using the example, topics with "soapsuds" will be found as well, but topics with "shampoos" will be excluded "word" - identical to keyword but searches whole words: topics with "soapsuds" will not be found, and topics with "shampoos" will not be excluded "literal" - search for the exact string, like web service"regex" - use a RegularExpression search like soap;web service;!shampoo; to search on whole words use \bsoap\b"query" - query search of form fields and other meta-data, like (Firstname='Emma' OR Firstname='John') AND Lastname='Peel'

Sort the results of search by the topic names ("topic"), topic creation time ("created"), last modified time ("modified"), last editor's WikiName ("editby"), or named field of DataForms ("formfield(name)"). The sorting is done web by web; if you want to sort across webs, create a formatted table and sort it with TablePlugin's initsort. Note that dates are sorted most recent date last (i.e at the bottom of the table). The web order is always alphabetical. When ordered by topic the result is first ordered by web and then by topic.

topic

limit

A number will limit the number of topics from which results will be returned. This is done after sorting if order is specified. Note that this does not limit the number of hits from the same topic when you have multiple="on".

all

date

limits the results to those pages with latest edit time in the given time interval.

reverse

If "on" will reverse the direction of the search. Does only apply to key specified by order.

If "on", expand embedded macros before applying a FormattedSearch on a search hit. Useful to show the expanded text, e.g. to show the result of a SpreadSheetPlugin%CALC{}% instead of the formula

off

multiple

If ="on", find multiple hits per topic. Each hit can be formatted. The last token is used in case of a regular expression ";" and search

off (only one hit found per topic

nofinalnewline

If "on", the search variable does not end in a line by itself. Any text continuing immediately after the SEARCH macro on the same line will be rendered as part of the table generated by the search, if appropriate. This feature is only active when format is defined.

on

recurse

If "on", recurse into subwebs, if subwebs are enabled. Note: recurse will currently search subwebs of explicitly excluded webs. (web="all, -Sandbox" recurse="on") will still search subwebs of Sandbox. This behavior is likely to change in a future release.

off

separator

Separator between search hits (only used when format is set) uses FormatTokens. If separator is not defined, the default is "$n" (newline). Not defining the separator will additionally cause a newline to be added after a header and before a footer.

$n (Newline)

headingoffset

Adds the given offset to any HTML headings generated in the search result. Works on headings defined by HTML tags as well as headings defined using foswiki markup.

0

newline

Line separator within a search hit. Useful if you want to put multi-line content into a table cell, for example if the format parameter contains a $pattern() or a $formfield() the result of which may contain newlines, in which case you could use newline="%BR%"

$n (Newline)

pagesize

number of items to show per page

25

showpage

Page of items to show (starts at 1) (overridden by the value specified by the URL parameter hash from $previousurl and $nexturl)

"1"

pager

If "on" adds paging to your SEARCHes Note: the default pager (when pagerformat is not defined) requires the parameters to the SEARCH to not change while paging, as it uses $previousurl and $nexturl. If you use time variable parameters, you will have to define your own pagerformat.

Warning: this option is liable to change dramatically (and potentially incompatibly) in the next major release of foswiki. Setting to "none" applies only to multi-web SEARCHs, and means the header and footer are only output once - at the beginning and end of the list of results, and the order parameter is applied over the entire set of results (this setting removes the legacy that results are always partitioned by web) see SiteChanges for an example.

SESSION_VARIABLE -- get, set or clear a session variable

Parameters

Examples

%SESSION_VARIABLE{"MYVAR" set="myval"}%

%SESSION_VARIABLE{"MYVAR" clear=""}%

SET -- set a preference setting during runtime

A preference setting created via %SET will only be usable on the topic where it has been found by the
parser, similar to normal preference settings. Each call to %INCLUDE opens a new scope for preference variables. An %INCLUDE of another topic containing a %SET statement will not
define those values in the including topic's scope. In contrast, a TMPL:DEF template definition
containing %SET macros will add those values to the current scope as if these settings have been
parsed as part of the current topic's text.

Setting a preference setting in a list like in

* Set foo = %SEARCH{...

will store the text of the TML expression.

The equivalent %SET statement:

%SET{"foo" value="%SEARCH{..."}%

will store the result of the TML expression as a consequence of the parser processing
macros inside-out-left-to-right.

Parameters

Parameter

Description

Default

"name"

Name of preference to set

value

Value to set it to

Examples

To cache the result of another macro use %SET{"search_result" value="%SEARCH{...}%"}%. The result of the value expression will be temporarily bound to the variable %search_result% and might be used within the scope of the current topic being processed

SHOWPREFERENCE -- show where preferences are defined.

Preference values are shown in a bulleted list, together with where they were defined.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

SKIN -- current skin

%SKIN% expands the skin search path. For instance, SKIN can be set to catskin, bearskin.
The SKIN setting can be overridden using the URL parameter skin, such as ?skin=catskin,bearskin
You can also extend the existing skin path using covers - see COVER

Examples

Parameters

Spaced out WikiWords are not automatically linked. To SPACEOUT a WikiWord but preserve the link use "double bracket" format. For example, [[WebHome][%SPACEOUT{"WebHome"}%]] expands to Web Home

STARTINCLUDE -- start position of topic text if included

If present in included topic, start to include text from this location up to the next %ENDINCLUDE% macro, or to the end. A normal view of the topic shows everything except the %STARTINCLUDE% macro itself.

If you want more than one part of the topic included, use %STARTSECTION{type="include"}% instead

STARTSECTION -- marks the start of a section within a topic

Section boundaries are defined with %STARTSECTION{}% and %ENDSECTION{}%.
Sections may be given a name to help identify them, and/or a type, which changes how they are used.

type="section" - the default, used for a generic section, such as a named section used by INCLUDE.

type="include" - like %STARTINCLUDE% ... %STOPINCLUDE% except that you can have as many include blocks as you want which are all merged into one when included (%STARTINCLUDE% is restricted to only one). Sections of type include may not be given a name.

type="expandvariables" - all macros inside an "expandvariables" type section gets expanded when a new topic based on the template topic is created. See TemplateTopics for more information.

type="templateonly" - start position of text to be removed when a template topic is used. This is used to embed text that you do not want expanded when a new topic based on the template topic is created. See TemplateTopics for more information.

Parameters

Parameter

Description

Default

"name"

Name of the section. Must be unique inside a topic.

Generated name

=type="

Type of the section; type "section", "expandvariables", "include" or "templateonly"

"section"

Any other parameter will be defined as a default value for a macro within the scope of the section. The example parameters on the left will result in %PARONE% and %PARTWO% being defined if they are not defined parameters to the INCLUDE, or nested INCLUDEs surrounding it, or previsouly defined Preferences.

If a section is not given a name, it will be assigned one. Unnamed sections are assigned names starting with _SECTION0 for the first unnamed section in the topic, _SECTION1 for the second, etc..

You can define nested sections. It is not recommended to overlap sections, although it is valid in Foswiki. Use named sections to make sure that the correct START and ENDs are matched. Section markers are not displayed when a topic is viewed.

STATISTICSTOPIC -- name of statistics topic

Examples

STOPINCLUDE -- Alias for ENDINCLUDE

STOPSECTION -- Alias for ENDSECTION

SUBSCRIBE{ attributes } - subscribe the current user for notification of changes to the current topic

Anywhere in a topic or template:

%SUBSCRIBE{...}% or simply %SUBSCRIBE%

Parameter

Default

Meaning

who

Logged-in user

Who to subscribe (wikiname, no web)

topic

Current topic

Topic to subscribe to. Wildcards may be used e.g. topic="Item*" will subscribe to all topics starting with Item. Use topic="Main.*" to subscribe to the WebNotify for the Main web.

unsubscribe

Not set

If set to "on", will unsubscribe the user

The format of the Subscribe/Unsubscribe button is defined in a template file templates/subscribe.tmpl. The normal skin mechanisms can be used to override this with your own local definitions. The default template works with Javascript to provide a smooth interactive experience.

The format and formatunsubscribe parameters have been removed and will
be ignored. The version of PatternSkin shipped with Foswiki 1.1.9 used these
parameters.

TAB -- tab inside a tabpane widget

Parameters

when switching tabs, this is the javascript fragment to be executed just before the tab is displayed

after

this javascript handler is to be executed after the tab has been made visible

afterload

this javascript handler will be called when content loaded asynchronously (using the url parameter, below) has finished loading; depending on the network latency, this can be significantly later than execution of the after handler above

id

id of this tab; this id can be used in the TABPANEs select parameter to display this tab; this id is also added to the class attribute of the html element representing the tab button

url

link from where to load the content of the tab asynchronously when selecting this tab; the result of the addressed handler will replace the content area; if no url is set the content of the TAB ... ENDTAB area will be shown when the tab is selected

width

width of the tab area

auto

height

height of the tab area

auto

container

element where ajax content will be loaded; this is only used together with url

TABLE -- control attributes of tables and sorting of table columns

Attributes for tables

Parameter

Description

Default

Example

tableborder

Table border width (pixels).

"1"

tableborder="2"

tablebordercolor

Table border color.

unspecified

tablebordercolor="#333"

tableframe

Table frame, set to "void" (no sides), "above" (the top side only), "below" (the bottom side only), "hsides" (the top and bottom sides only), "lhs" (the left-hand side only), "rhs" (the right-hand side only), "vsides" (the right and left sides only), "box" (all four sides), "border" (all four sides).

unspecified

tableframe="hsides"

tablerules

Table rules, set to "none" (no rules), "groups" (rules will appear between row groups and column groups only), "rows" (rules will appear between rows only), "cols" (rules will appear between columns only), "all" (rules will appear between all rows and columns). See also: headerrules and datarules.

unspecified

tablerules="rows"

tablewidth

Table width: percentage of window width, or absolute pixel value.

unspecified

tablewidth="100%"

headerrows

Number of header rows to exclude from sort. (will be rendered in a HTML thead section)

"1"

headerrows="1"

footerrows

Number of footer rows to exclude from sort. (will be rendered in a HTML tfoot section)

"0"

footerrows="1"

id

Unique table identifier string, used for targeting a table with CSS.

tableN (where N is the table order number on the page)

id="userTable"

summary

Table summary used by screen readers: A summary of what the table presents. It should provide an orientation for someone who listens to the table.

unspecified

summary="List of subscribed users"

caption

Table caption: A title that will be displayed just above the table.

unspecified

caption="Users"

inlinemarkup

Set to "on" to generate inline markup HTML (in addition to the CSS markup); useful if you need to copy the table, for instance to paste the table into an email).

Attributes for data cells

Parameter

Description

Default

Example

datarules

Set to "none" (no rules), "rows" (rules will appear between rows only), "cols" (rules will appear between columns only), "all" (rules will appear between all rows and columns). Overrides tablerules for data cells.

unspecified

datarules="none"

datavalign

Vertical alignment of data cells; overrides valign.

unspecified

datavalign="top"

dataalign

Data cell alignment, one value for all columns, or a comma separated list for different alignment of individual columns. Set to "left", "center", "right" or "justify". Overrides individual cell settings.

unspecified

dataalign="center"

databg

Data cell background colour, a comma separated list. Specify "none" for no colour, that is to use the colour/background of the page the table is on.

"#edf4f9,#fff"

databg="#f2f2f2,#fff"

databgsorted

Data cell background colour of a sorted column; see databg.

the values of databg

databgsorted="#d4e8e4, #e5f5ea"

datacolor

Data cell text colour, a comma separated list.

unspecified

datacolor="#00c, #000"

Attributes for headers

Parameter

Description

Default

Example

headerrules

Set to "none" (no rules), "rows" (rules will appear between rows only), "cols" (rules will appear between columns only), "all" (rules will appear between all rows and columns). Overrides tablerules for header cells.

unspecified

headerrules="none"

headerbg

Header cell background colour. Specify "none" for no colour, that is to use the colour/background of the page the table is on.

"#6b7f93"

headerbg="#999"

headerbgsorted

Header cell background colour of a sorted column. Specify "none" for no colour, that is to use the colour/background of the page the table is on.

the value of headerbg

headerbgsorted="#32596c"

headercolor

Header cell text colour.

"#fff"

headercolor="#00c"

headervalign

Vertical alignment of header cells; overrides valign.

unspecified

headervalign="top"

headeralign

Header cell alignment, one value for all columns, or a comma separated list for different alignment of individual columns. Set to "left", "center", "right" or "justify". Overrides individual cell settings.

unspecified

headeralign="left,right"

headerrows

See: Attributes for tables

Other attributes

Parameter

Description

Default

Example

include

Other topic defining the TABLE parameters. The first %TABLE% in the topic is used. This is useful if you have many topics with the same table format and you want to update the format in one place. Use topic or web.topic notation.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

TOC -- table of contents

Shows a Table of Contents that is generated automatically based on headings of a topic. Headings in TopicMarkupLanguage ("---++ text") and HTML ("<h2>text</h2>") are taken into account. Any heading text after "!!" is excluded from the TOC; for example, write "---+!! text" if you do not want to list a header in the TOC

Parameters

Parameter

Description

Default

"TopicName"

topic name

Current topic

web

Name of web

Current web

depth

Limit depth of headings shown in TOC

6

title

Title to appear at top of TOC

align

Align at left or right side of the page

id

Optional ID in case multiple TOCs are on the page and each TOC needs to be addressable with an anchor link. Allowed characters: a-zA-Z0-9-_, no spaces. If you don't specify an id, the anchor foswikiTOC can be used in a link: [[#foswikiTOC][Back to TOC]] creates Back to TOC.

Examples

If multiple headers have the exact same text, the anchors for the 2nd, 3rd etc will be suffixed by _AN1, _AN2 etc so the anchors become unique.

If other topics are included using INCLUDE then any headingoffset will not be seen by TOC.

TOC{"Topic"} -- table of contents

Table of Contents. Shows a TOC that is generated automatically based on headings of a topic. Headings in WikiSyntax ("---++ text") and HTML ("<h2>text</h2>") are taken into account. Any heading text after "!!" is excluded from the TOC; for example, write "---+!! text" if you do not want to list a header in the TOC. An abbreviated heading can be shown in the TOC, such as "---++ text!! this is excluded from TOC".

TOPIC -- name of current topic

Examples

TOPICLIST -- topic index of a web

List of all topics in a web. The "format" defines the format of one topic item. It may include formatting tokens: The $topic token gets expanded to the topic name, $marker to marker parameter where topic matches selection, and $web to the name of the web, or any of the standard FormatTokens.

Parameters

Parameter:

Description:

Default:

web

Name of web

Current web

"format"format="format"

Format of one line, may include $web (name of web), $topic (name of the topic), $marker (which expands to marker for the item matching selection only)

Parameters

"div" or "span" Specify if the Twisty Toggle section will use a <div> or a <span> tag. Note that if the contents contains block elements such as div, mode should be div as well to create valid HTML markup.

<div>

showimgleft

Specify the url of an image that will be displayed with the show link at the left side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

hideimgleft

Specify the url of an image that will be displayed with the hide link at the left side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

showimgright

Specify the url of an image that will be displayed with the show link at the right side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

hideimgright

Specify the url of an image that will be displayed with the hide link at the right side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

remember

If "on", the Twisty state is remembered the next time the page is shown. If "off", the stored setting will be cleared.

Note: when used, think carefully about a unique name (id) for the Twisty, otherwise the cookie that is set might affect other Twisties with the same name. Also note that only interaction is stored, not the state of the Twisty when left unclicked.

start

"hide" or "show" Initial state of the Twisty; this will override any setting stored in a cookie (see remember).

firststart

"hide" or "show" Initial state of the Twisty the first time the visitor gets to see the Twisty; this will NOT override cookie settings (see remember).

noscript

Make content hidden in case use does not have JavaScript on. Default content is shown in case JavaScript if off

TWISTYHIDE - Hide/close link

Parameters

"div" or "span" Specify if the Twisty Hide link will use a <div> or a <span> tag. Note that if the contents contains block elements such as div, mode should be div as well to create valid HTML markup.

<div>

img

Specify the url of an image that will be displayed at the right side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

remember

If "on", the Twisty state is remembered the next time the page is shown. If "off", the stored setting will be cleared.Note: when used, think carefully about a unique name (id) for the Twisty, otherwise the cookie that is set might affect other Twisties with the same name. Also note that only interaction is stored, not the state of the Twisty when left unclicked.

start

"hide" or "show" Initial state of the Twisty; this will override any setting stored in a cookie (see remember).

firststart

"hide" or "show" Initial state of the Twisty the first time the visitor gets to see the Twisty; this will NOT override cookie settings (see remember).

TWISTYSHOW - Show/open link

Parameters

"div" or "span" Specify if the Twisty Show link will use a <div> or a <span> tag. Note that if the contents contains block elements such as div, mode should be div as well to create valid HTML markup.

<div>

img

Specify the url of an image that will be displayed at the right side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

imgleft

Specify the url of an image that will be displayed at the left side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

imgright

Specify the url of an image that will be displayed at the right side of the link. You may use ICONURLPATH to display one of the DocumentGraphics icons. Alternatively use an image attached to the topic.

remember

If "on", the Twisty state is remembered the next time the page is shown. If "off", the stored setting will be cleared.Note: when used, think carefully about a unique name (id) for the Twisty, otherwise the cookie that is set might affect other Twisties with the same name. Also note that only interaction is stored, not the state of the Twisty when left unclicked.

start

"hide" or "show" Initial state of the Twisty; this will override any setting stored in a cookie (see remember).

firststart

"hide" or "show" Initial state of the Twisty the first time the visitor gets to see the Twisty; this will NOT override cookie settings (see remember).

TWISTYTOGGLE -- Twisty Toggle contents section

Parameters

"div" or "span" Specify if the Twisty Toggle section will use a <div> or a <span> tag. Note that if the contents contains block elements such as div, mode should be div as well to create valid HTML markup.

<div>

class

CSS class name for content div or span

linkclass

CSS class name for link

remember

If "on", the Twisty state is remembered the next time the page is shown. If "off", the stored setting will be cleared.Note: when used, think carefully about a unique name (id) for the Twisty, otherwise the cookie that is set might affect other Twisties with the same name. Also note that only interaction is stored, not the state of the Twisty when left unclicked.

start

"hide" or "show" Initial state of the Twisty; this will override any setting stored in a cookie (see remember).

firststart

"hide" or "show" Initial state of the Twisty the first time the visitor gets to see the Twisty; this will NOT override cookie settings (see remember).

U -- "updated" icon

URLPARAM -- get URL or HTTP POST parameter value

Returns the value of the named parameter in the URL or HTTP POST request.

Parameters

Parameter:

Description:

Default:

"name"

The name of a URL parameter

required

default

Default value, used if the parameter is not present

""

newline

Convert newlines in textarea to other delimiters

encode

Control how special characters are encoded "off" - No encoding. Avoid using this when possible. See the security warning below. "entity" - Encode special characters into HTML entities. See ENCODE for more details. "safe" - Encode characters '"<>% into HTML entities. "url" - Encode special characters for URL parameter use, like a double quote into %22"quote" - Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other macros. You can combine several encodings together, and they will be applied in the order you specify e.g. encode="safe, quote"

safe

multiple

If set, gets all selected elements of a <select multiple="multiple"> tag. Can be set to a format string, with $item indicating the element, e.g. multiple="Option: $item" (also supports the standard format tokens)

first element

separator

Separator between multiple selections. Only relevant if multiple is specified

Reverse the encoding when used in SEARCH. Example: %SEARCH{ "%URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%. (It is not necessary to reverse quote encoding, otherwise decode= options should be specified in the reverse order from the encode= options.)

Watch out for internal parameters, such as rev, skin, template, topic, web; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.

If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.

Security warning! Using URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters '"<>% into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.

Examples

Expands to: guest is really WikiGuest
Retrieve information about another user. You can use either a wikiname or a username to identify the user. You can only see information about another user if you are an admin, or the {AntiSpam}{HideUserDetails} configuration option is not enabled. (User details are hidden on this site) :

%USERINFO{ "WikiGuest" format="$username is really $wikiname" }%

Expands to: guest is really WikiGuest

USERNAME -- your login username

Foswiki makes names available in three formats: USERNAME like jsmith, WIKINAME like JohnSmith and WIKIUSERNAME like Main.JohnSmith. Un-authenticated users are all WikiGuest.

WEB -- name of current web

%WEB% expands to the name of the web where the topic is located. If you are looking at the text of an included topic, it is the web where the included topic is located.

Examples

%WEB% expands to System

WEBLIST -- index of all webs

Generate a list of webs. Obfuscated webs are excluded, e.g. webs with a NOSEARCHALL = onpreference setting. The "format" defines the format of one web item. The $name gets expanded to the name of the web, $qname gets expanded to double quoted name, $marker to marker where web matches selection. Subwebs are listed recursively.

Parameters

Parameter

Description

Default

"format"format="format"

Format of one line, may include $name (the name of the web), $qname (the name of the web in double quotes), $indentedname (the name of the web with parent web names replaced by indents, for use in indented lists), and $marker (which expands to marker for the item matching selection only). The standard format tokens may also be used.

Comma separated list of webs to consider. This list can include two pseudo-webs, public which expands to all non-hidden and webtemplate which expands to the names of all template webs.NOTE: Administrators will see all webs, not just the public ones

public

subwebs

Specifies a single web. If specified, then public and webtemplate (described above) will expand relative to show subwebs *below this web only.

selection

Entry to be selected in list. If one of the webs matches this selection, then $marker in the format will be expanded

%WEB%

marker

Text for $marker if the item matches selection

selected="selected"

Examples

Create a bullet list of all webs:

%WEBLIST{" * [[$name.%HOMETOPIC%]]"}%

Create a dropdown of all public webs + Trash web, with the current web highlighted:

WEBLIST will not show a web called 'TWiki' even if it exists in the file system unless the TWikiCompatibilityPlugin is installed and activated in configure. This is done to ensure that the TWiki compatibility components such as the TWiki web are only visible and active when needed

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Formatted Search

Customize the display of search results.

The default output format of a %SEARCH{...}% is a table consisting of topic names and topic summaries. Use the format="..." parameter to customize the search result. The format parameter typically defines a bullet or a table row containing macros, such as %SEARCH{ "food" format="| $topic | $summary |" }%. See %SEARCH{...}% for other search parameters, such as separator="".

Syntax

Three parameters can be used to specify a customized search result:

1. header="..." parameter

Use the header parameter to specify the header of a search result. It should correspond to the format of the format parameter. This parameter is optional.
Example:

pager control - can be optionally customised using the pagerformat below

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

Most macros accept parameter strings which are split over multiple lines. This is usually more readable than using $n tokens. If you are familiar with sectional includes, you might also consider nested sectional includes to hold the newline content outside of the parameter string entirely.

Note that newline is not a line break. The browser will wrap the lines together. If you require a line break, displaying the results on two lines, use %BR%. Or use two consecutive newlines to create a TML "Paragraph".

$nop or $nop()

Is a "no operation". This token gets removed; useful for nested search

$quot

Double quote (") (\" also works)

$percent

Percent sign (%) ($percnt also works)

$dollar

Dollar sign ($)

$lt

Less than sign (<)

$gt

Greater than sign (>)

$amp

Ampersand (&)

$comma

Comma (,)

Note that if the separator parameter for SEARCH is not defined a newline is added after the header.

2. footer="..." parameter

Use the footer parameter to specify the footer of a search result. It should correspond to the format of the format parameter. This parameter is optional.
Example:

Number of hits if multiple="on". Cumulative across all topics in current web. Identical to $ntopics unless multiple="on"

$pager

pager control - can be optionally customised using the pagerformat below

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

Most macros accept parameter strings which are split over multiple lines. This is usually more readable than using $n tokens. If you are familiar with sectional includes, you might also consider nested sectional includes to hold the newline content outside of the parameter string entirely.

Note that newline is not a line break. The browser will wrap the lines together. If you require a line break, displaying the results on two lines, use %BR%. Or use two consecutive newlines to create a TML "Paragraph".

$nop or $nop()

Is a "no operation". This token gets removed; useful for nested search

$quot

Double quote (") (\" also works)

$percent

Percent sign (%) ($percnt also works)

$dollar

Dollar sign ($)

$lt

Less than sign (<)

$gt

Greater than sign (>)

$amp

Ampersand (&)

$comma

Comma (,)

Note that if the separator parameter for SEARCH is not defined a newline is added after the last search result.

3. pagerformat="..." parameter

Use the pagerformat parameter to customise the appearance of the paging control.
It should correspond to the format of the format parameter.
This parameter is optional.
Example:

skin template (SEARCH:pager_previous) html for the full URL to the previous page - IF using the built in pager system

$nextbutton

skin template (SEARCH:pager_next) html for the full URL to the previous page - IF using the built in pager system

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

Most macros accept parameter strings which are split over multiple lines. This is usually more readable than using $n tokens. If you are familiar with sectional includes, you might also consider nested sectional includes to hold the newline content outside of the parameter string entirely.

Note that newline is not a line break. The browser will wrap the lines together. If you require a line break, displaying the results on two lines, use %BR%. Or use two consecutive newlines to create a TML "Paragraph".

$nop or $nop()

Is a "no operation". This token gets removed; useful for nested search

$quot

Double quote (") (\" also works)

$percent

Percent sign (%) ($percnt also works)

$dollar

Dollar sign ($)

$lt

Less than sign (<)

$gt

Greater than sign (>)

$amp

Ampersand (&)

$comma

Comma (,)

4. format="..." parameter

Use the format parameter to specify the format of one search hit.
Example:

Topic summary, just the plain text, all formatting and line breaks removed; up to 162 characters

$summary(50)

Topic summary, up to 50 characters shown

$summary(showvarnames)

Topic summary, with %SOMEMACRO{...}% macros shown as SOMEMACRO{...}

$summary(noheader)

Topic summary, with leading ---+ headers removedNote: The tokens can be combined, for example $summary(100, showvarnames, noheader)

$summary(searchcontext)

Creates a topic summary with the search terms highlighted

$summary(searchcontext, 50)

Creates a topic summary with the search terms highlighted, up to 50 characters

$changes

Summary of changes between latest rev and previous rev

$changes(n)

Summary of changes between latest rev and rev n

$formname

The name of the form attached to the topic; empty if none

$formfield(name)

The field value of a form field; for example, if FAQWhatIsWikiWiki was a search hit, $formfield(TopicClassification) would get expanded to =. This applies only to topics that have a DataForm. For multi-line textfields new lines are replaced by the value of the =newline parameter if it is defined, otherwise by an HTML <br />

$formfield(name, 10)

Form field value, "- " hyphenated every 10 characters

$formfield(name, 20, -<br />)

Form field value, hyphenated every 20 characters with separator "-<br />"

$formfield(name,30,...)

Form field value, shortened to 30 characters with trailing ellipsis.

$formfield(name, display)

Form field value after mapping the stored value to the display value (use with +values form fields). You can still use the hyphenation controls described above by placing them afterdisplay e.g. $formfield(name, display, 10)

$extract(reg-exp)

A regular expression pattern to extract some text from a topic (does not search meta data; use $formfield instead). Escapes some characters to their standard FormatTokens in the discovered text to make embedding in other macros easier. See Using $extract and $pattern below for more information.

$pattern(reg-exp)

As $extract, with the difference that $pattern does not escape quotes or precent signs in the result.

$count(reg-exp)

Count of number of times a regular expression pattern appears in the text of a topic (does not search meta data). Follows guidelines for use and limitations outlined above under $pattern(reg-exp). Example: $count(.*?(---[+][+][+][+]) .*) counts the number of <H4> headers in a page.

$ntopics

Number of topics found in current web. This is the current topic count, not the total number of topics

$nhits

Number of hits if multiple="on". Cumulative across all topics in current web. Identical to $ntopics unless multiple="on"

$pager

pager control - can be optionally customised using the pagerformat below

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

Most macros accept parameter strings which are split over multiple lines. This is usually more readable than using $n tokens. If you are familiar with sectional includes, you might also consider nested sectional includes to hold the newline content outside of the parameter string entirely.

Note that newline is not a line break. The browser will wrap the lines together. If you require a line break, displaying the results on two lines, use %BR%. Or use two consecutive newlines to create a TML "Paragraph".

$nop or $nop()

Is a "no operation". This token gets removed; useful for nested search

$quot

Double quote (") (\" also works)

$percent

Percent sign (%) ($percnt also works)

$dollar

Dollar sign ($)

$lt

Less than sign (<)

$gt

Greater than sign (>)

$amp

Ampersand (&)

$comma

Comma (,)

Using $extract and $pattern

$extract and $pattern are subtle. These tokens specify a RegularExpression that covers the whole text (of each line found by the search if multiple="on", of the entire topic text otherwise). The regular expression typically starts with .*, and must end in .*

The leading .* matches all the content up to the start of the string you want to find. It will try to match the longest string of characters it can, so if your pattern occurs several times in the content it will always match the last occurence. If you always want to match the first occurrence, use .*? instead.

You _must* end the pattern with .*

Put the section of the pattern that matches the text you want to keep in parenthesis, like this $extract(.*?(from here.*?to here).*)

Do not use .*inside the parentheses, e.g. $extract(.*foo(.*)bar.*) does not work. You can however use .*? thus $extract(.*foo(.*?)bar.*)

Make sure that the integrity of a web page is not compromised; for example, if you include an HTML table make sure to include everything including the table end tag. $extract will automatically escape "<>&%$ characters so that the string matched by the pattern doesn't break any macros that are wrapped around it. $pattern does not do this, and should be used with care. $extract is only available in Foswiki 2.0 and later.

Nested Search

SEARCH is one of many macros that produce output which may be controlled with format, header and footer parameters, among others. To make use of additional macros in the output, familiarity with inside-out, left-to-right order of expansion rules is required. There are two forms:

Standard: Use %INNERMACRO% to build the parameter string before%OUTERMACRO% is expanded

%OUTERMACRO{
format="%INNERMACRO%"
}%

Delayed: Use the parameter string to incorporate %INNERMACRO% into the output of %OUTERMACRO%

%OUTERMACRO{
format="$percentINNERMACRO$percent"
}%

When working with a given macro, consult its documentation to determine which parameters support the $percent/$percntformat tokens. Generally only output parameters like header, format and footer support format tokens.

Standard form

The key to understanding nested expressions in Foswiki is to understand that macros are expanded "inside-out, left-to-right". Example:

Step 5

Step 6

These topics are for frequently
asked questions including answers.
* Set THETOPIC = %SYSTEMWEB%.FAQWhatIsWikiWiki
* Set THEFIELD = TopicClassification

Step 7

These topics are for frequently
asked questions including answers.
* Set THETOPIC = System.FAQWhatIsWikiWiki
* Set THEFIELD = TopicClassification

Delayed form

Standard form macros can nearly always be used to build the parameter string of another macro; however, sometimes it is desirable to bypass the inside-out expansion order and delay the inner macro until after the outer macro has finished expansion. This is accomplished by using the $percent format token instead of %, and escaping any " character it uses (becomes \")

When working with a given macro, consult its documentation to determine which parameters support the $percent/$percntformat tokens. Generally only output parameters like header, format and footer support format tokens.

Method 1 (nesting with escapes)

The inner search cannot be placed directly into the format string of the outer, because of the "inside-out, left-to-right" macro expansion behaviour discussed earlier. It must be delayed so that the outer search is evaluated first. To do this, we need to escape the inner search, i.e. let the outer search build a series of inner searches, which are executed only when the outer list is complete..

When nesting with escapes, each new nesting level must "escape the escapes", e.g. write $dollarpercentSEARCH{ for level three, $dollardollarpercentSEARCH{ for level four, etc.

Method 2 (nesting with sectional includes)

Nested expressions with delayed macros can be difficult to write: care must be taken to escape all the quotes of the inner delayed macro, and it may become confusing whether to use $topic, $dollartopic or $dollardollartopic.

If you find yourself using escaped tokens like $dollartopic, another approach is to use the STARTSECTION/ENDSECTION feature of INCLUDE. Instead of nesting the inner search expression directly inside the format string of the outer, the inner search is written as a separate stand-alone section of a topic which is INCLUDEd into the format string of the outer.

Most recently changed pages

Search with conditional output

Sometimes it may be desirable for each hit to be displayed differently depending on some criteria. For example, maybe you want to list 20 topics modified in 2009, but decorate the hits which are children of UserDocumentationCategory with an icon.

Specify a search which returns the hits you need

For each search hit, test the condition that will influence the output using a nested IFstatement

The SEARCH has a delayed ICON. The $percent ensures that ICON is evaluated once for each search hit

The ICON contains an IF, which again is delayed with the $percent token and will also be evaluated for each SEARCH hit. Additionally, the inside-out, left-to-right rule discussed earlier means that this IF expression will be evaluated before ICON.

File Attachments

Each topic can have one or more files of any type attached to it by using the Attach screen to upload (or download) files from your local PC. Attachments are stored under revision control: uploads are automatically backed up; all previous versions of a modified file can be retrieved.

What are attachments good for?

File Attachments can be used to archive data, or to create powerful customized groupware solutions, like file sharing and document management systems, and quick Web page authoring.

Document management system

You can use Attachments to store and retrieve documents (in any format, with associated graphics, and other media files); attach documents to topics; collaborate on documents with full revision control; distribute documents on a need-to-know basis using web and topic-level access control; create a central reference library that's easy to share with an user group spread around the world.

File sharing

For file sharing, FileAttachments on a series of topics can be used to quickly create a well-documented, categorized digital download center for all types of files: documents, graphics and other media, drivers and patches, applications; anything you can safely upload!

Web authoring

Through your web browser, you can easily upload graphics (or sound files, or anything else you want to link to on a page) and place them on a single page, or use them across a web, or site-wide.

You can also add graphics - any files - directly, typically by FTP upload. This requires FTP access, and may be more convenient if you have a large number of files to load. FTP-ed files cannot be managed using browser-based attachment controls. You can use your browser to create shortcuts using Macros, like this %H% = .

Attachment Names

Attachment names are stored directly in the server native file system, so filenames are sanitized to prevent use of names that would be unacceptable to the variety of platforms where Foswiki is supported. Note that the rules are different depending on whether or not your installation is configured to support international characters (UseLocale)

Default rules without international character set support.

Filenames must only be compose of:

"Mixed Alpha-Numeric" characters. (A-Z, a-z and 0-9)

May also contain:

. (period / decimal point / "dot")

_ (Underscore)

- (Hyphen or dash)

embedded spaces (Will be converted to underscore (_) during upload

Any other characters are removed from the filename.

Any leading dots or slashes (., \ or /) will be stripped

Embedded spaces will be converted to underscore _

Certain filenames that might be interpreted as executable code will have .txt appended. (This is set locally by your system administrator)

Attachment name rules with international character set support enabled.

Embedded spaces are converted to _ (Underscore).

Filenames are filtered according to rules set by your administrator.

The default rules will strip the following characters from the filename:

Any "whitespace" characters

* (Asterisk)

? (Question mark)

~ (Tilde)

^ (Caret / Circumflex)

\ (Backslash)

$ (Dollar-sign)

@ (At-sign)

% (Percent-sign)

`'" Quotes (Open-quote, Close-quote/Apostrophe, and Double-quote)

& (Ampersand)

; (Semicolon)

| (Vertical line)

<> (Less and Greater signs)

[] (Open and close square brackets)

And any ASCII control characters (Hex x00-x1f)

Any leading dots or slashes (., \ or /) will be stripped

Certain filenames that might be interpreted as executable code will have .txt appended. (This is set locally by your system administrator)

Uploading files

Click on the [Attach] link at the bottom of the page. The Attach screen lets you browse for a file, add a comment, and upload it. The uploaded file will show up in the file attachment table.

The topic must already exist. If it does not, it is a two step process: First create the topic, then add the file attachment.

Any type of file can be uploaded. Some files that might pose a security risk are renamed, for example: *.php files are renamed to *.php.txt so that no one can place code that would be read in a .php file.

Foswiki can limit the file size. This is defined by the %ATTACHFILESIZELIMIT%preference settings, currently set at 10000 kB.

It is not recommended to upload files greater than a few hundred K through a browser. Large files can be extremely slow-loading, and often time out. Use an FTP site for large file uploads.

Automatic attachments:

When enabled, all files with valid names in a topic's attachment directory are shown as attachments to the topic - even if they were directly copied to the directory and never attached by using an [Attach] link. This is a convenient way to quickly "attach" files to a topic without uploading them one by one; although at the cost of losing audit trail and version control.

Before an attachment is shown, the filename is filtered per the above Attachment name rules. If the filtered name is not identical to the actual file name, the file will not be included in the list of attachments

To enable this feature, set the {AutoAttachPubFiles} configuration option.

The automatic attachment feature can only be used by an administrator who has access to the server's file system.

Linking to the attached file in the topic:

Checking the "Create a link to the attached file" appends a link at the end of the topic. The format can be modified with the %ATTACHEDFILELINKFORMAT%preference setting. Images (files ending in gif, jpg, jpeg or png) are handled by %ATTACHEDIMAGEFORMAT%.

The two named preference settings may use the following variables:

$filename: the name of the file

$fileext: the filename extension (string following the last period, if present) or an empty string.

Examples

Following you will find some examples of screens and tables related to this topic and referenced throughout the previous text. The appearance of these tables might vary, depending on what skin is used on your Foswiki installation.

File attachment table

Files attached to a topic are displayed in a directory table, showing the different file names and attributes. An h means the attachment is hidden and not listed when viewing a topic in normal mode.

The file attachment table is normally displayed at the bottom of the page, or optionally, hidden and accessed when you click [Attach].

File attachment controls

Clicking on a [Manage] link takes you to a new page that looks a bit like this (depending on what skin is selected).

Here, you have different options:

To update an existing file, choose the updated file on your local drive and click [Update file]. The filename of the original attachment will preserved; the filename of the local file you chose will not be used.

To change the comment on an attachment, enter a new comment and then click [Change comment and properties only]. Note that the comment listed against the specific version will not change, however the comment displayed when viewing the topic does change.

To hide/unhide an attachment, enable the Do not show attachment in table checkbox, then click [Change comment and properties only].

Attach new file

Select a new local file to update attachment Sample.txtUpload up to 10000 KB.

Comment

Describe the file so other people know what it is.

Properties

Create a link to the attached fileImages will be displayed, for other attachments a link will be created.

Do not show attachment in tableAttachments will not be shown in topic view page.

TWiki Forms

Add structure to content with forms attached to twiki topics. TWiki forms (with form fields) and formatted search are the base for building database applications.

Overview

By adding form-based input to freeform content, you can structure topics with unlimited, easily searchable categories. A form is enabled for a web and can be added to a topic. The form data is shown in tabular format when the topic is viewed, and can be changed in edit mode using edit fields, radio buttons, check boxes and list boxes. Many different form types can be defined in a web, though a topic can only have one form attached to it at a time.

When used in the value field of the form definition, this will find all topic names in the Main web which end in "Office" and use them as the legal field values.

Enabling Forms by Web

Forms have to be enabled for each individual web. The WEBFORMS variable in WebPreferences is optional and defines a list of possible form templates.

Example:

Set WEBFORMS = BugForm, FeatureForm, Books.BookLoanForm

With WEBFORMS enabled, an extra button is added to the edit view. If the topic doesn't have a Form, an Add Form button appears at the end of the topic. If a Form is present, a Change button appears in the top row of the Form. The buttons open a screen that enables selection of a form specified in WEBFORMS, or the No form option.

You have to list the available form topics explicitly. You cannot use a SEARCH to define WEBFORMS.

Adding a form to a topic

Edit the topic and follow the "Add form" button to add a Form. This is typically done to a template topic, either to the WebTopicEditTemplate topic in a web, or a new topic that serves as an application specific template topic. Initial Form values can be set there.

Additionally a new topic can be given a Form using the formtemplate parameter in the (edit or save) URL. Initial values can then be provided in the URLs or as form values:

other than checkboxes: name, ex: ?BugPriority=1

checkbox: namevalue=1, ex: ?ColorRed=1. Boxes with a tick must be specified.

Example: This will add a textfield for the new topic name and a "Create"-Button to your topic. When the button is pressed, the topic editor will open with the form "MyForm" already attached to the new topic.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script you have to use the "post" method. Example:

Note: Initial values will not be set in the form of a new topic if you only use the formtemplate parameter.

Changing a form

You can change a form definition, and TWiki will try to make sure you don't lose any data from the topics that use that form.

If you change the form definition, the changes will not take affect in a topic that uses that form until you edit and save it.

If you add a new field to the form, then it will appear next time you edit a topic that uses the form.

If you delete a field from the form, or change a field name, then the data will not be visible when you edit the topic (the changed form definition will be used). If you save the topic, the old data will be lost (though thanks to revision control, you can always see it in older versions of the topic)

If two people edit the same topic containing a form at exactly the same time, and both change fields in the form, TWiki will try to merge the changes so that no data is lost.

Structure of a Form Template

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Each column of the table is one element of an entry field: Name, Type, Size, Values, Tooltip message, and Attributes.

The Name, Type and Size columns are required. Other columns are optional. The form must have a header row (e.g. | *Name* | *Type* | *Size* |).

Name is the name of the form field.

The Type, Size and Value fields describe the legal values for this field, and how to display them.

Typecheckbox specifies one or more checkboxes. The Size field specifies how many checkboxes will be displayed on each line. The Value field should be a comma-separated list of item labels.

Typecheckbox+buttons will add Set and Clear buttons to the basic checkbox type.

Typeradio is like checkbox except that radio buttons are mutually exclusive; only one can be selected.

Typelabel specifies read-only label text. The Value field should contain the text of the label.

Typeselect specifies a select box. The Value field should contain a comma-separated list of options for the box. The Size field can specify a fixed size for the box (e.g. 1, or a range e.g. 3..10. If you specify a range, then the box will never be smaller than 3 items, never larger than 10, and will be 5 high if there are only 5 options.

There are two modifiers that can be applied to the select type:

select+multi turns multiselect on for the select, to allow Shift+Click and Ctrl+Click to select (or deselect) multiple items.

select+values allows the definition of values that are different to the displayed text. For example:

shows but the values or options Two and Three are 2 and III respectively. You can combine these modifiers e.g. select+multi+values

Typetext specifies a one-line text field. Size specifies the text box width in number of characters. Value is the initial (default) content when a new topic is created with this form template.

Typetextarea specifies a multi-line text box. The Size field should specify columns x rows, e.g. 80x6; default size is 40x5. As for text, the Value field specifies the initial text

Typedate specifies a single-line text box and a button next to it; clicking on the button will bring up a calendar from which the user can select a date. The date can also be typed into the text box. Size specifies the text box width in characters. As for text, the Value field specifies the initial text

Tooltip message is a message that will be displayed when the cursor is hovered over the field in edit view.

Attributes specifies special attributes for the field. Multiple attributes can be entered, separated by spaces.

An attribute H indicates that this field should not be shown in view mode. However, the field is available for editing and storing information.

An attribute M indicates that this field is mandatory. The topic cannot be saved unless a value is provided for this field. If the field is found empty during topic save, an error is raised and the user is redirected to an oops page. Mandatory fields are indicated by an asterisks next to the field name.

For example, a simple form just supporting entry of a name and a date would look as follows:

A very few field names are reserved. If you try to use one of these names, TWiki will automatically append an underscore to the name when the form is used.

You can space out the title of the field, and it will still find the topic e.g. Aeroplane Manufacturers is equivalent to AeroplaneManufacturers.

If a label field has no name, it will not be shown when the form is viewed, only when it is edited.

Field names can in theory include any text, but you should stick to alphanumeric characters. If you want to use a non-wikiname for a select, checkbox or radio field, and want to get the values from another topic, you can use [[...]] links. This notation can also be used when referencing another topic to obtain field values, but a name other than the topic name is required as the name of the field.

Leading and trailing spaces are not significant.

Field Value Notes:

The field value will be used to initialize a field when a form is created, unless specific values are given by the topic template or query parameters. The first item in the list for a select or radio type is the default item. For label, text, and textarea fields the value may also contain commas. checkbox fields cannot be initialized through the form template.

Leading and trailing spaces are not significant.

Field values can also be generated through a FormattedSearch, which must yield a suitable table as the result.

Variables in the initial values of a form definition get expanded when the form definition is loaded.

If you want to use a | character in the initial values field, you have to precede it with a backslash, thus: \|.

You can use <nop> to prevent TWiki variables from being expanded.

The FormatTokens can be used to prevent expansion of other characters.

General Notes:

The topic definition is not read when a topic is viewed.

Form definition topics can be protected in the usual manner, using TWikiAccessControl, to limit who can change the form template and/or individual value lists. Note that view access is required to be able to edit topics that use the form definition, though view access to the form definition is not required to view a topic where the form has been used.

Values in Other Topics

As described above, you can also retrieve possible values for select, checkbox or radio types from other topics. For example, if you have a rows defined like this:

| *Name* | *Type* | *Size* |
| AeroplaneManufacturers | select | |

the TWiki will look for the topic AeroplaneManufacturers to get the possible values for the select.

The AeroplaneManufacturers topic must contain a table, where each row of the table describes a possible value. The table only requires one column, Name. Other columns may be present, but are ignored.

For example:

| *Name* |
| Routan |
| Focke-Wulf |
| De Havilland |

Notes:

The Values column must be empty in the referring form definition.

Extending the range of form data types

You can extend the range of data types accepted by forms by using TWikiPlugins. All such extended data types are single-valued (can only have one value) with the following exceptions:

any type name starting with checkbox

any type name with +multi anywhere in the name

Types with names like this can both take multiple values.

Hints and Tips

Build an HTML form to create new Form-based topics

New topics with a form are created by simple HTML forms asking for a topic name. For example, you can have a SubmitExpenseReport topic where you can create new expense reports, a SubmitVacationRequest topic, and so on. These can specify the required template topic with its associated form. Template topics has more.

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Searching forms this way is obviously pretty inefficient, but it's easy to do. If you want better performance, take a look at some of the structured wiki extensions that support higher performance searching e.g. TWiki:Plugins.DBCachePlugin.

Gotcha!

Some browsers may strip linefeeds from text fields when a topic is saved. If you need linefeeds in a field, make sure it is a textarea.

Master Templates

TWiki uses master templates when composing the output from all actions, like topic view, edit, and preview.
This allows you to change the look and feel of all pages by editing just a few template files.

Master templates are stored as text files with the extension .tmpl.
They are usually HTML with embedded template directives.
The directives are expanded when TWiki wants to generate a user interface screen.

How Template Directives Work

Directives are of the form %TMPL:<key>% and %TMPL:<key>{"attr"}%.

Directives:

%TMPL:INCLUDE{"file"}%: Includes a template file. The file is found as described below.

%TMPL:DEF{"block"}%: Define a block. All text between this and the next %TMPL:END% directive is removed and saved for later use with %TMPL:P.

%TMPL:END%: Ends a block definition.

%TMPL:P{"var"}%: Includes a previously defined block.

%{...}%: is a comment.

Two-pass processing lets you use a variable before or after declaring it.

Templates and TWikiSkins work transparently and interchangeably. For example, you can create a skin that overloads only the twiki.tmpl master template, like twiki.print.tmpl, that redefines the header and footer.

Use of template directives is optional: templates work without them.

NOTE: Template directives work only for templates: they do not get processed in normal topic text.

TMPL:P also supports simple parameters. For example, given the definition
%TMPL:DEF{"x"}% x%P%z%TMPL:END% then %TMPL:P{"x" P="y"}% will expand to xyz.

Note that parameters can simply be ignored; for example, %TMPL:P{"x"}% will expand to x%P%z.

Any alphanumeric characters can be used in parameter names.
You are highly recommended to use parameter names that cannot be confused with TWikiVariables.

Note that three parameter names, context, then and else are reserved.
They are used to support a limited form of "if" condition that you can use to select which of two templates to use, based on a context identifier:

When the "inactive" context is set, then this will expand the "link_inactive" template; otherwise it will expand the "link_active" template.
See IfStatements for details of supported context identifiers.

Finding Templates

The master templates shipped with a twiki release are stored in the twiki/templates directory.
As an example, twiki/templates/view.tmpl is the default template file for the twiki/bin/view script.

You can save templates in other directories as long as they are listed in the {TemplatePath} configuration setting.
The {TemplatePath} is defined in the Miscellaneous section of the configure page.

You can also save templates in user topics (IF there is no possible template match in the templates directory).
The {TemplatePath} configuration setting defines which topics will be accepted as templates.

Templates that are included with an explicit '.tmpl' extension are looked for only in the templates/ directory.
For instance %TMPL:INCLUDE{"example.tmpl"}% will only return templates/example.tmpl, regardless of {TemplatePath} and SKIN settings.

The out-of-the-box setting of {TemplatePath} supports the following search order to determine which template file or topic to use for a particular script or %TMPL:INCLUDE{"script"}% statement.
The skin path is set as described in TWikiSkins.

templates/web/script.skin.tmpl for each skin on the skin path

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.skin.tmpl for each skin on the skin path

templates/web/script.tmpl

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.tmpl

The TWiki topic aweb.atopic if the template name can be parsed into aweb.atopic

The TWiki topic web.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic web.ScriptTemplate

The TWiki topic %SYSTEMWEB%.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic %SYSTEMWEB%.ScriptTemplate

Legend:

script refers to the script name, e.g view, edit

Script refers to the same, but with the first character capitalized, e.g View

skin refers to a skin name, e.g dragon, pattern. All skins are checked at each stage, in the order they appear in the skin path.

Skin refers to the same, but with the first character capitalized, e.g Dragon

web refers to the current web

For example, the example template file will be searched for in the following places, when the current web is Thisweb and the skin path is print,pattern:

templates/Thisweb/example.print.tmpldeprecated; don't rely on it

templates/Thisweb/example.pattern.tmpldeprecated; don't rely on it

templates/example.print.tmpl

templates/example.pattern.tmpl

templates/Thisweb/example.tmpldeprecated; don't rely on it

templates/example.tmpl

Thisweb.PrintSkinExampleTemplate

Thisweb.PatternSkinExampleTemplate

Thisweb.ExampleTemplate

System.PrintSkinExampleTemplate

System.PatternSkinExampleTemplate

System.ExampleTemplate

Template names are usually derived from the name of the currently executing script; however it is also possible to override these settings in the view and edit scripts, for example when a topic-specific template is required. Two preference variables can be used to override the templates used:

Tip: If you want to override existing templates, without having to worry that your changes will get overwritten by the next TWiki update, change the {TemplatePath} so that another directory, such as the %USERSWEB% appears at the front. You can then put your own templates into that directory or web and these will override the standard templates. (Note that such will increase the lookup time for templates by searching your directory first.)

TMPL:INCLUDE recursion for piecewise customisation, or mixing in new features

If there is recursion in the TMPL:INCLUDE chain (eg twiki.classic.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path.
For example, to create a customisation of pattern skin, where you only want to over-ride the breadcrumbs for the view script, you can create only a view.yourlocal.tmpl:

The default {TemplatePath} will not give you the desired result if you put these statements in the topic Thisweb.YourlocalSkinViewTemplate. The default {TemplatePath} will resolve the request to the template/view.pattern.tmpl, before it gets to the Thisweb.YourlocalSkinViewTemplate resolution. You can make it work by prefixing the {TemplatePath} with: $web.YourlocalSkin$nameTemplate.

Default master template

twiki.tmpl is the default master template. It defines the following sections.

User name of user who is instantiating the new tpoic, e.g. Main.WikiGuest

2. Preventing variable expansion

In a template topic, embed text that you do not want expanded inside a %STARTSECTION{type="templateonly"}% ... %ENDSECTION{type="templateonly"}% section. For example, you might want to write this in the template topic:

%STARTSECTION{type="templateonly"}%
This template can only be changed by:
* Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup
%ENDSECTION{type="templateonly"}%

This will restrict who can edit the template topic, but will be removed when a new topic based on that template topic is created.

%NOP% can be used to prevent expansion of TWiki variables that would otherwise be expanded during topic creation. For example, escape %SERVERTIME% with %SER%NOP%VERTIME%.

3. Control over variable expansion

You can forcefully expand TWikiVariables by placing them inside a type="expandvariables" section in the template topic, such as:

Specifying a Form

When you create a new topic based on a template, you often want the new topic to have a form attached to it. You can attach a form to the template topic, in which case it will be copied into the new topic.

Sometimes this isn't quite what you want, as it copies all the existing data from the template topic into the new topic. To avoid this and use the default values specified in the form definition instead, you can use the formtemplate CGI parameter to the edit script to specify the name of a form to attach.

See TWikiScripts for information about all the other parameters to edit.

Automatically Generated Topic Names

For TWiki applications it is useful to be able to automatically generate unique topicnames, such as BugID0001, BugID0002, etc. You can add AUTOINC<n> to the topic name in the edit and save scripts, and it will be replaced with an auto-incremented number on topic save. <n> is a number starting from 0, and may include leading zeros. Leading zeros are used to zero-pad numbers so that auto-incremented topic names can sort properly. Deleted topics are not re-used to ensure uniqueness of topic names. That is, the auto-incremented number is always higher than the existing ones, even if there are gaps in the number sequence.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script you have to use the "post" method. Example:

TIP: You can use the %WIKIUSERNAME% and %DATE% variables in your topic templates to include the signature of the person creating a new topic. The variables are expanded into fixed text when a new topic is created. The standard signature is: -- %WIKIUSERNAME% - %DATE%

Using Absolute vs Relative URLs in Templates

When you use TWikiVariables such as %PUBURL% and %PUBURLPATH% in templates you should be aware that using %PUBURL% instead of %PUBURLPATH% puts absolute URLs in the produced HTML. This means that when a user saves a TWiki page in HTML and emails the file to someone outside a company firewall, the receiver has a severe problem viewing it. It is therefore recommended always to use the %PUBURLPATH% to refer to images, CSS, Javascript files etc so links become relative. This way browsers just give up right away and show a usable html file.

TWiki Skins

Skins overlay regular templates to give different looks and feels to TWiki screens.

Overview

TWiki uses TWikiTemplates files as the basis of all the screens it uses to interact with users. Each screen has an associated template file that contains the basic layout of the screen. This is then filled in by the code to generate what you see in the browser.

TWiki ships with a default set of template files that give a very basic, CSS-themable, look-and-feel. TWiki also includes support for skins that can be selected to give different, more sophisticated, look and feels. A default TWiki installation will usually start up with the PatternSkin already selected. Skins may also be defined by third parties and loaded into a TWiki installation to give more options. To see how TWiki looks when no skin is selected, view this topic with a non-existant skin.

Topic text is not affected by the choice of skin, though a skin can be defined to use a CSS (Cascading Style Sheet), which can sometimes give a radically different appearance to the text.

Changing the default TWiki skin

TWiki default ships with the skin PatternSkin activated. You can set the skin for the whole site, a single web or topic, or for each user individually, by setting the SKIN variable to the name of a skin. If the skin you select doesn't exist, then TWiki will pick up the default templates.

Defining Skins

You may want to define your own skin, for example to comply with corporate web guidelines, or because you have a aesthetic vision that you want to share. There are a couple of places you an start doing this.

The TWikiTemplates files used for skins are located in the twiki/templates directory and are named according to the skin: <scriptname>.<skin>.tmpl. Skin files may also be defined in TWiki topics - see TWikiTemplates for details.

To start creating a new skin, copy the default TWikiTemplates (like view.tmpl), or copy an existing skin to use as a base for your own skin. You should only need to copy the files you intend to customise, as TWiki can be configured to fall back to another skin if a template is not defined in your skin. Name the files as described above (for example view.myskin.tmpl.

For your own TWiki skin you are encouraged to show a small 80x31 pixel logo at the bottom of your skin:

<a href="http://twiki.org/"><img src="%PUBURL%/%SYSTEMWEB%/TWikiLogos/T-logo-80x15.gif" alt="This site is powered by the TWiki collaboration platform" width="80" height="15" title="This site is powered by the TWiki collaboration platform" border="0" /></a>

The standard TWiki skins show the logo in the %WEBCOPYRIGHT% variable.

The following template files are used for TWiki screens, and are referenced in the TWiki core code. If a skin doesn't define its own version of a template file, then TWiki will fall back to the next skin in the skin path, or finally, to the default version of the template file.

(Certain template files are expected to provide certain TMPL:DEFs - these are listed in sub-bullets)

addform - used to select a new form for a topic

attachagain - used when refreshing an existing attachment

attachnew - used when attaching a new file to a topic

attachtables - defines the format of attachments at the bottom of the standard topic view

oopslanguagechanged - used to confirm a new language when internationalisation is enabled

oopsleaseconflict - used to format lease Conflict messages

lease_active, lease_old

preview - used for previewing edited topics before saving

rdiff - used for viewing topic differences

registernotify - used by the user registration system

registernotifyadmin - used by the user registration system

rename - used when renaming a topic

renameconfirm - used when renaming a topic

renamedelete - used when renaming a topic

renameweb - used when renaming a web

renamewebconfirm - used when renaming a web

renamewebdelete - used when renaming a web

searchbookview - used to format inline search results in book view

searchformat - used to format inline search results

search - used by the search CGI script

settings

view - used by the view CGI script

viewprint - used to create the printable view

twiki.tmpl is a master template conventionally used by other templates, but not used directly by code.

Note: Make sure templates do not end with a newline. Any newline will expand to an empty <p /> in the generated html. It will produce invalid html, and may break the page layout.

Partial customisation, or adding in new features to an existing skin

You can use recusion in the TMPL:INCLUDE chain (eg twiki.classic.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path.
For example, to create a customisation of pattern skin, where you only want to remove the edit & WYSIWYG buttons from view page, you create only a view.yourlocal.tmpl:

Because ClassicSkin and the default templates use the same Template definition names, you can over-ride the edit links in them (or any skin derived from them) using the same view.yourlocal.tmpl (just set SKIN=yourlocal,classic either in TWikiPreferences for globally, or a Web's Webname.WebPreferences for a particular web)

The Jump Box and Navigation Box

The box also understands URLs, e.g. you can type http://www.google.com/ to jump to an external web site. The feature is handy if you build a skin that has a select box of frequently used links, like Intranet home, employee database, sales database and such. A little JavaScript gets into action on the onchange method of the select tag to fill the selected URL into the "Go" box field, then submits the form.

Here is an example form that has a select box and the Jump Box for illustration purposes. You need to have JavaScript enabled for this to work:

Bare bones header, for demo only

Navigate:

Jump:

Note: Redirect to a URL only works if it is enabled in configure (Miscellaneous, {AllowRedirectUrl}).

Using Cascading Style Sheets

CSS files are gererally attachments to the skin topic that are included in the the skin templates - in the case of PatternSkin in the template styles.pattern.tmpl.

Attachment Tables

Controlling the look and feel of attachment tables is a little bit more complex than for the rest of a skin. By default, the attachment table is a standard TWiki table, and the look is controlled in the same way as other tables. In a very few cases you may want to change the content of the table as well.

The format of standard attachment tables is defined through the use of special TWiki template macros which by default, are defined in the attachtables.tmpl template using the %TMPL:DEF macro syntax described in TWikiTemplates. These macros are:

Packaging and Publishing Skins

Browsing Installed Skins

Activating Skins

TWiki uses a skin search path, which lets you combine skins additively. The skin path is defined using a combination of TWikiVariables and URL parameters.

TWiki works by asking for a template for a particular function - for example, 'view'. The detail of how templates are searched for is described in TWikiTemplates, but in summary, the templates directory is searched for a file called view.skin.tmpl, where skin is the name of the skin e.g. pattern. If no template is found, then the fallback is to use view.tmpl. Each skin on the path is searched for in turn. For example, if you have set the skin path to local,pattern then view.local.tmpl will be searched for first, then view.pattern.tmpl and finally view.tmpl.

The basic skin is defined by a SKIN setting:

Set SKIN = catskin, bearskin

You can also add a parameter to the URL, such as ?skin=catskin,bearskin:

Setting SKIN (or the ?skin parameter in the URL) replaces the existing skin path setting, for the current page only. You can also extend the existing skin path as well, using covers.

Set COVER = ruskin

This pushes a different skin to the front of the skin search path (so for our example above, that final skin path will be ruskin, catskin, bearskin). There is also an equivalent cover URL parameter. The difference between setting SKIN vs. COVER is that if the chosen template is not found (e.g., for included templates), SKIN will fall back onto the next skin in line, or the default skin, if only one skin was present, while COVER will always fall back onto the current skin.

An example would be invoking the printable mode, which is achieved by applying ?cover=print. The view.print.tmpl simply invokes the viewprint template for the current skin which then can appropriately include all other used templates for the current skin. Where the printable mode be applied by using SKIN, all skins would have the same printable appearance.

The full skin path is built up as follows: SKIN setting (or ?skin if it is set), then COVER setting is added, then ?cover.

Hard-Coded Skins

The text skin is reserved for TWiki internal use.

Skin names starting with rss also have a special meaning; if one or more of the skins in the skin path starts with 'rss' then 8-bit characters will be encoded as XML entities in the output, and the content-type header will be forced to text/xml.

TWiki Meta Data

Additional topic data, program-generated or from TWikiForms, is stored embedded in the topic text using META: tags

Overview

By default, TWiki stores topics in files on disk, in a really simple and obvious directory structure. The big advantage of this approach is that it makes it really easy to manipulate topics from outside TWiki, and is also very safe; there are no complex binary indexes to maintain, and moving a topic from one TWiki to another is as simple as copying a couple of text files.

To keep eveything together in one place, TWiki uses a simple method for embedding additional data (program-generated or from TWikiForms) in topics. It does this using META: tags.

Meta Data Syntax

Format is the same as in TWikiVariables, except all fields have a key.

%META:<type>{key1="value1" key2="value2" ...}%

Order of fields within the meta variables is not defined, except that if there is a field with key name, this appears first for easier searching (note the order of the variables themselves is defined).

Each meta variable is on one line.

Values in meta-data are URL encoded so that characters such as \n can be stored.

META:TOPICMOVED

This is optional, exists if topic has ever been moved. If a topic is moved more than once, only the most recent META:TOPICMOVED meta variable exists in the topic, older ones are to be found in the rcs history.

META:TOPICPARENT

The topic from which this was created, typically when clicking on a red-link, or by filling out a form. Normally just TopicName, but it can be a full Web.TopicName format if the parent is in a different Web.

Recommended Sequence

There is no absolute need for Meta Data variables to be listed in a specific order within a topic, but it makes sense to do so a couple of good reasons:

form fields remain in the order they are defined

the diff function output appears in a logical order

The recommended sequence is:

META:TOPICINFO

META:TOPICPARENT (optional)

text of topic

META:TOPICMOVED (optional)

META:FILEATTACHMENT (0 or more entries)

META:FORM (optional)

META:FIELD (0 or more entries; FORM required)

Viewing Meta Data in Page Source

When viewing a topic the Raw Text link can be clicked to show the text of a topic (i.e., as seen when editing). This is done by adding raw=on to URL. raw=debug shows the meta data as well as the topic data, ex: debug view for this topic

Rendering Meta Data

Meta Data is rendered with the %META% variable. This is mostly used in the view, preview and edit scripts.

You can render form fields in topic text by using the FORMFIELD variable. Example:%FORMFIELD{"TopicClassification"}%
For details, see VarFORMFIELD.

Show form field value. Parameter: name="field_name". Example:%META{ "formfield" name="TopicClassification" }%

%META{"attachments"}%

Show attachments, except for hidden ones. Options: all="on": Show all attachments, including hidden ones.

%META{"moved"}%

Details of any topic moves.

%META{"parent"}%

Show topic parent. Options: dontrecurse="on": By default recurses up tree, at some cost. nowebhome="on": Suppress WebHome. prefix="...": Prefix for parents, only if there are parents, default "". suffix="...": Suffix, only appears if there are parents, default "". separator="...": Separator between parents, default is " > ".

TWiki Add-Ons

Add functionality to TWiki with extensions not based on the TWiki scripts.

Overview

An add-on runs separately from the TWiki scripts, e.g. for data import, export to static HTML, etc. Add-Ons normally do not call any TWiki code directly, though may invoke TWiki scripts. There are different types of add-ons, they may be stand alone scripts, browser plugins, office tool extensions, or even a set of TWiki topics that form a TWiki application.

Creating new Add-Ons

TWiki Contribs

Reusable code that may be used over several plugins and add-ons.

Overview

TWiki contribs extend the functionality of TWiki, typically used by plugins and add-ons. They may also provide alternative implementations for sections of the TWiki core e.g. user management, or when an extension just can't be implemented as a plugin because it requires very close access to TWiki internals.

Creating new Contribs

TWiki Plugins

Add functionality to TWiki with readily available plugins; create plugins based on APIs

Overview

You can add plugins to extend TWiki functionality, without altering the core code. A plug-in approach lets you:

add virtually unlimited features while keeping the main TWiki code compact and efficient;

heavily customize an installation and still do clean updates to new versions of TWiki;

rapidly develop new TWiki functions in Perl using the plugin API.

Everything to do with TWiki plugins - demos, new releases, downloads, development, general discussion - is available at TWiki.org, in the TWiki:Plugins web.

TWiki plugins are developed and contributed by interested members of the community. Plugins are provided on an 'as is' basis; they are not a part of TWiki, but are independently developed and maintained.

Installing Plugins

Each TWiki plugin comes with its own documentation: step-by-step installation instructions, a detailed description of any special requirements, version details, and a working example for testing. Many plugins have an install script that automates these steps for you.

Special Requirements: Some plugins need certain Perl modules to be preinstalled on the host system. Plugins may also use other resources, like graphics, other modules, applications, and templates. You should be able to find detailed instructions in the plugin's documentation.

Each plugin has a standard release topic, located in the TWiki:Plugins web at TWiki.org. There's usually a number of other related topics, such as a developers page, and an appraisal page.

On-Site Pretesting

The recommended approach to testing new plugins before making them public is to create a second local TWiki installation, and test the plugin there. You can allow selected users access to the test area. Once you are satisfied that it won't compromise your main installation, you can install it there as well.

InstalledPlugins shows which plugins are: 1) installed, 2) loading properly, and 3) what TWiki:Codev.PluginHandlers they invoke. Any failures are shown in the Errors section. The %FAILEDPLUGINS% variable can be used to debug failures. You may also want to check your webserver error log and the various TWiki log files.

Some Notes on Plugin Performance

The performance of the system depends to some extent on the number of plugins installed and on the plugin implementation. Some plugins impose no measurable performance decrease, some do. For example, a Plugin might use many Perl libraries that need to be initialized with each page view (unless you run mod_perl). You can only really tell the performance impact by installing the plugin and by measuring the performance with and without the new plugin. Use the TWiki:Plugins.PluginBenchmarkAddOn, or test manually with the Apache ab utility. Example on Unix:time wget -qO /dev/null /foswiki/bin/view/System/AbcPlugin

If you need to install an "expensive" plugin, but you only need its functionality only in a subset of your data, you can disable it elsewhere by defining the %DISABLEDPLUGINS% TWiki variable.

Define DISABLEDPLUGINS to be a comma-separated list of names of plugins to disable. Define it in Main.TWikiPreferences to disable those plugins everywhere, in the WebPreferences topic to disable them in an individual web, or in a topic to disable them in that topic. For example,

* Set DISABLEDPLUGINS = SpreadSheetPlugin, EditTablePlugin

Managing Installed Plugins

Some plugins require additional settings or offer extra options that you have to select. Also, you may want to make a plugin available only in certain webs, or temporarily disable it. And may want to list all available plugins in certain topics. You can handle all of these management tasks with simple procedures:

Enabling Plugins

Plugins can be enabled and disabled with the configure script. An installed plugin needs to be enabled before it can be used.

Plugin Evaluation Order

By default, TWiki executes plugins in alphabetical order on plugin name. It is possible to change the order, for example to evaluate database variables before the spreadsheet CALCs. This can be done with {PluginsOrder} in the plugins section of configure.

Plugin-Specific Settings

Some plugins are configured with plugin preferences variables, newer plugins with configure variables.

Plugin preferences variables are defined in the plugin topic and can be overloaded. The SHORTDESCRIPTION preferences variable is always present, it is needed for the TWiki:Plugins repository on twiki.org. Example preferences variable defined in the TablePlugin topic:

Set SHORTDESCRIPTION = Control attributes of tables and sorting of table columns

Preferences variables of active plugins can be retrieved anywhere in TWiki with %<pluginname>_<var>%, such as %TABLEPLUGIN_SHORTDESCRIPTION%. They can also be redefined with the %<pluginname>_<var>% setting at a lower level in the Main.SitePreferences or at the web level. For an easier upgrade it is recommended to customize plugin preferences variables in Main.SitePreferences only.

The TWiki Plugin API

Available Core Functions

The TWikiFuncDotPm module (lib/TWiki/Func.pm) describes all the interfaces available to plugins. Plugins should only use the interfaces described in this module.

Note: If you use other core functions not described in Func.pm, you run the risk of creating security holes. Also, your plugin will likely break and require updating when you upgrade to a new version of TWiki.

Predefined Hooks

In addition to TWiki core functions, plugins can use predefined hooks, or callbacks, as described in the lib/TWiki/Plugins/EmptyPlugin.pm module.

All but the initPlugin are disabled. To enable a callback, remove DISABLE_ from the function name.

Always audit the plugins you install, and make sure you are happy with the level of security provided. While every effort is made to monitor plugin authors activities, at the end of the day they are uncontrolled user contributions.

Creating Plugins

With a reasonable knowledge of the Perl scripting language, you can create new plugins or modify and extend existing ones. Basic plug-in architecture uses an Application Programming Interface (API), a set of software instructions that allow external code to interact with the main program. The TWiki Plugin API provides the programming interface for TWiki.

Anatomy of a Plugin

A (very) basic TWiki plugin consists of two files:

a Perl module, e.g. MyFirstPlugin.pm

a documentation topic, e.g. MyFirstPlugin.txt

The Perl module can be a block of code that talks to with TWiki alone, or it can include other elements, like other Perl modules (including other plugins), graphics, TWiki templates, external applications (ex: a Java applet), or just about anything else it can call.
In particular, files that should be web-accessible (graphics, Java applets ...) are best placed as attachments of the MyFirstPlugin topic. Other needed Perl code is best placed in a lib/TWiki/Plugins/MyFirstPlugin/ directory.

The plugin API handles the details of connecting your Perl module with main TWiki code. When you're familiar with the Plugin API, you're ready to develop plugins.

The TWiki:Plugins.BuildContrib module provides a lot of support for plugins development, including a plugin creator, automatic publishing support, and automatic installation script writer. If you plan on writing more than one plugin, you probably need it.

Creating the Perl Module

Copy file lib/TWiki/Plugins/EmptyPlugin.pm to <name>Plugin.pm. The EmptyPlugin.pm module contains mostly empty functions, so it does nothing, but it's ready to be used. Customize it. Refer to the Plugin API specs for more information.

If your plugin uses its own modules and objects, you must include the name of the plugin in the package name. For example, write Package MyFirstPlugin::Attrs; instead of just Package Attrs;. Then call it using:

Writing the Documentation Topic

The plugin documentation topic contains usage instructions and version details. It serves the plugin files as FileAttachments for downloading. (The doc topic is also included in the distribution package.) To create a documentation topic:

In the JumpBox enter your plugin name, for example MyFirstPlugin, press enter and create the new topic

paste & save new plugin topic on your site

Customize your plugin topic.

Important: In case you plan to publish your plugin on TWiki.org, use Interwiki names for author names and links to TWiki.org topics, such as TWiki:Main/WikiGuest. This is important because links should work properly in a plugin topic installed on any TWiki, not just on TWiki.org.

Plugin Info: <Version, credits, history, requirements - entered in a form, displayed as a table. Both are automatically generated when you create or edit a page in the TWiki:Plugins web.>"

Packaging for Distribution

The TWiki:Plugins.BuildContrib is a powerful build environment that is used by the TWiki project to build TWiki itself, as well as many of the plugins. You don't have to use it, but it is highly recommended!

If you don't want (or can't) use the BuildContrib, then a minimum plugin release consists of a Perl module with a WikiName that ends in Plugin, ex: MyFirstPlugin.pm, and a documentation page with the same name(MyFirstPlugin.txt).

Distribute the plugin files in a directory structure that mirrors TWiki. If your plugin uses additional files, include them all:

lib/TWiki/Plugins/MyFirstPlugin.pm

data/TWiki/MyFirstPlugin.txt

pub/TWiki/MyFirstPlugin/uparrow.gif [a required graphic]

Create a zip archive with the plugin name (MyFirstPlugin.zip) and add the entire directory structure from Step 1. The archive should look like this:

Publishing for Public Use

You can release your tested, packaged plugin to the TWiki community through the TWiki:Plugins web. All plugins submitted to TWiki.org are available for download and further development in TWiki:Plugins/PluginPackage.

Link from the doc page to a new, blank page named after the plugin, and ending in Dev, ex: MyFirstPluginDev. This is the discussion page for future development. (User support for plugins is handled in TWiki:Support.)

Once you have done the above steps once, you can use the BuildContrib to upload updates to your plugin.

Thank you very much for sharing your plugin with the TWiki community

Recommended Storage of Plugin Specific Data

Plugins sometimes need to store data. This can be plugin internal data such as cache data, or data generated for browser consumption such as images. Plugins should store data using TWikiFuncDotPm functions that support saving and loading of topics and attachments.

Plugin Internal Data

You can create a plugin "work area" using the TWiki::Func::getWorkArea() function, which gives you a persistent directory where you can store data files. By default they will not be web accessible. The directory is guaranteed to exist, and to be writable by the webserver user. For convenience, TWiki::Func::storeFile() and TWiki::Func::readFile() are provided to persistently store and retrieve simple data in this area.

Web Accessible Data

Topic-specific data such as generated images can be stored in the topic's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file name:

Prefix the filename with an underscore (the leading underscore avoids a name clash with files attached to the same topic)

Identify where the attachment originated from, typically by including the plugin name in the file name

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _GaugePlugin_img123.gif

Web specific data can be stored in the plugin's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file names in plugin attachment area:

Prefix the filename with an underscore

Include the name of the web in the filename

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _Main_roundedge-ul.gif

Integrating with configure

Some TWiki extensions have setup requirements that are best integrated into configure rather than trying to use TWiki preferences variables. These extensions use Config.spec files to publish their configuration requirements.

Config.spec files are read during TWiki configuration. Once a Config.spec has defined a configuration item, it is available for edit through the standard configure interface. Config.spec files are stored in the 'plugin directory' e.g. lib/TWiki/Plugins/BathPlugin/Config.spec.

Structure of a Config.spec file

The Config.spec file for an extension starts with the extension announcing what it is:

# ---+ BathPlugin
# This plugin senses the level of water in your bath, and ensures the plug
# is not removed while the water is still warm.

This is followed by one or more configuration items. Each configuration item has a type, a description and a default. For example:

The type (e.g. **SELECT** ) tells configure to how to prompt for the value. It also tells configure how to do some basic checking on the value you actually enter. All the comments between the type and the configuration item are taken as part of the description. The configuration item itself defines the default value for the configuration item. The above spec defines the configuration items $TWiki::cfg{BathPlugin}{PlugType}, $TWiki::cfg{BathPlugin}{ChainLength}, and $TWiki::cfg{BathPlugin}{TempSensorEnabled} for use in your plugin. For example,

The config.spec file is read by configure, which then writes LocalSite.cfg with the values chosen by the local site admin.

A range of types are available for use in Config.spec files:

BOOLEAN

A true/false value, represented as a checkbox

COMMAND length

A shell command

LANGUAGE

A language (selected from {LocalesDir}

NUMBER

A number

OCTAL

An octal number

PASSWORD length

A password (input is hidden)

PATH length

A file path

PERL

A perl structure, consisting of arrays and hashes

REGEX length

A perl regular expression

SELECT choices

Pick one of a range of choices

SELECTCLASS root

Select a perl package (class)

STRING length

A string

URL length

A url

URLPATH length

A relative URL path

All types can be followed by a comma-separated list of attributes.

EXPERT

means this an expert option

M

means the setting is mandatory (may not be empty)

H

means the option is not visible in configure

See lib/TWiki.spec for many more examples.

Config.spec files for non-plugin extensions are stored under the Contrib directory instead of the Plugins directory.

Note that from TWiki 5.0 onwards, CGI scripts (in the TWiki bin directory) provided by extensions must also have an entry in the Config.spec file. This entry looks like this (example taken from PublishContrib)

PERL specifies a perl data structure, and H a hidden setting (it won't appear in configure). The first field of the data value specifies the class where the function that implements the script can be found. The second field specifies the name of the function, which must be the same as the name of the script. The third parameter is a hash of initial context settings for the script.

Maintaining Plugins

Discussions and Feedback on Plugins

Each published plugin has a plugin development topic on TWiki.org. Plugin development topics are named after your plugin and end in Dev, such as MyFirstPluginDev. The plugin development topic is a great resource to discuss feature enhancements and to get feedback from the TWiki community.

Maintaining Compatibility with Earlier TWiki Versions

The plugin interface (TWikiFuncDotPm functions and plugin handlers) evolve over time. TWiki introduces new API functions to address the needs of plugin authors. Plugins using unofficial TWiki internal functions may no longer work on a TWiki upgrade.

Organizations typically do not upgrade to the latest TWiki for many months. However, many administrators still would like to install the latest versions of a plugin on their older TWiki installation. This need is fulfilled if plugins are maintained in a compatible manner.

Tip: Plugins can be written to be compatible with older and newer TWiki releases. This can be done also for plugins using unofficial TWiki internal functions of an earlier release that no longer work on the latest TWiki codebase.
Here is an example; the TWiki:TWiki.TWikiPluginsSupplement#MaintainPlugins has more details.

Handling deprecated functions

From time-to-time, the TWiki developers will add new functions to the interface (either to TWikiFuncDotPm, or new handlers). Sometimes these improvements mean that old functions have to be deprecated to keep the code manageable. When this happens, the deprecated functions will be supported in the interface for at least one more TWiki release, and probably longer, though this cannot be guaranteed.

When a plugin defines deprecated handlers, a warning will be shown in the list generated by %FAILEDPLUGINS%. Admins who see these warnings should check TWiki.org and if necessary, contact the plugin author, for an updated version of the plugin.

Updated plugins may still need to define deprecated handlers for compatibility with old TWiki versions. In this case, the plugin package that defines old handlers can suppress the warnings in %FAILEDPLUGINS%.

This is done by defining a map from the handler name to the TWiki::Plugins version in which the handler was first deprecated. For example, if we need to define the endRenderingHandler for compatibility with TWiki::Plugins versions before 1.1, we would add this to the plugin:

If the currently-running TWiki version is 1.1 or later, then the handler will not be called and the warning will not be issued. TWiki with versions of TWiki::Plugins before 1.1 will still call the handler as required.

This module defines official functions that TWiki plugins
can use to interact with the TWiki engine and content.

Refer to EmptyPlugin and lib/TWiki/Plugins/EmptyPlugin.pm for a template
plugin and documentation on how to write a plugin.

Plugins should only use functions published in this module. If you use
functions in other TWiki libraries you might create a security hole and
you will probably need to change your plugin when you upgrade TWiki.

Deprecated functions will still work in older code, though they should
not be called in new plugins and should be replaced in older plugins
as soon as possible.

The version of the TWiki::Func module is defined by the VERSION number of the
TWiki::Plugins module, currently 2.3. This can be shown
by the %PLUGINVERSION% TWiki variable, and accessed in code using
$TWiki::Plugins::VERSION. The 'Since' field in the function
documentation refers to $TWiki::Plugins::VERSION.

Notes on use of $TWiki::Plugins::VERSION (from 1.2 forwards):

If the major version (e.g. 1.) is the same then any plugin coded to use any earlier revision of the 1. API will still work. No function has been removed from the interface, nor has any API published in that version changed in such a way as to require plugins to be recoded.

If the minor version (e.g. 1.1) is incremented there may be changes in the API that may help improve the coding of some plugins - for example, new interfaces giving access to previously hidden core functions. In addition, deprecation of functions in the interface trigger a minor version increment. Note that deprecated functions are not removed, they are merely frozen, and plugin authors are recommended to stop using them.

Any additional digits in the version number relate to minor changes, such as the addition of parameters to the existing functions, or addition of utility functions that are unlikely to require significant changes to existing plugins.

TWiki::Plugins::VERSION also applies to the plugin handlers. The handlers are documented in the EmptyPlugin, and that module indicates what version of TWiki::Plugins::VERSION it relates to.

A full history of the changes to this API can be found at the end of this
topic.

Environment

getSkin( ) -> $skin

Get the skin path, set by the SKIN and COVER preferences variables or the skin and cover CGI parameters

getUrlHost( ) -> $host

getScriptUrl( $web, $topic, $script, ... ) -> $url

Compose fully qualified URL

$web - Web name, e.g. 'Main'

$topic - Topic name, e.g. 'WebNotify'

$script - Script name, e.g. 'view'

... - an arbitrary number of name=>value parameter pairs that will be url-encoded and added to the url. The special parameter name '#' is reserved for specifying an anchor. e.g. getScriptUrl('x','y','view','#'=>'XXX',a=>1,b=>2) will give .../view/x/y?a=1&b=2#XXX

getPubUrlPath( ) -> $path

getExternalResource( $url ) -> $response

Get whatever is at the other end of a URL (using an HTTP GET request). Will
only work for encrypted protocols such as https if the LWP CPAN module is
installed.

Note that the $url may have an optional user and password, as specified by
the relevant RFC. Any proxy set in configure is honoured.

The $response is an object that is known to implement the following subset of
the methods of LWP::Response. It may in fact be an LWP::Response object,
but it may also not be if LWP is not available, so callers may only assume
the following subset of methods is available:

code()

message()

header($field)

content()

is_error()

is_redirect()

Note that if LWP is not available, this function:

can only really be trusted for HTTP/1.0 urls. If HTTP/1.1 or another protocol is required, you are strongly recommended to require LWP.

Will not parse multipart content

In the event of the server returning an error, then is_error() will return
true, code() will return a valid HTTP status code
as specified in RFC 2616 and RFC 2518, and message() will return the
message that was received from
the server. In the event of a client-side error (e.g. an unparseable URL)
then is_error() will return true and message() will return an explanatory
message. code() will return 400 (BAD REQUEST).

Note: Callers can easily check the availability of other HTTP::Response methods
as follows:

my $response = TWiki::Func::getExternalResource($url);
if (!$response->is_error() && $response->isa('HTTP::Response')) {
... other methods of HTTP::Response may be called
} else {
... only the methods listed above may be called
}

Since: TWiki::Plugins::VERSION 1.2

getCgiQuery( ) -> $query

Get CGI query object. Important: Plugins cannot assume that scripts run under CGI, Plugins must always test if the CGI query object is set

Return: $query CGI query object; or 0 if script is called as a shell script

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getSessionKeys() -> @keys

Get a list of all the names of session variables. The list is unsorted.

Session keys are stored and retrieved using setSessionValue and
getSessionValue.

Since: TWiki::Plugins::VERSION 1.2

getSessionValue( $key ) -> $value

Get a session value from the client session module

$key - Session key

Return: $value Value associated with key; empty string if not set

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 200)

setSessionValue( $key, $value ) -> $boolean

Set a session value.

$key - Session key

$value - Value associated with key

Return: true if function succeeded

Since: TWiki::Plugins::VERSION 1.000 (17 Aug 2001)

clearSessionValue( $key ) -> $boolean

Clear a session value that was set using setSessionValue.

$key - name of value stored in session to be cleared. Note that you cannot clear AUTHUSER.

Return: true if the session value was cleared

Since: TWiki::Plugins::VERSION 1.1

getContext() -> \%hash

Get a hash of context identifiers representing the currently active
context.

The context is a set of identifiers that are set
during specific phases of TWiki processing. For example, each of
the standard scripts in the 'bin' directory each has a context
identifier - the view script has 'view', the edit script has 'edit'
etc. So you can easily tell what 'type' of script your Plugin is
being called within. The core context identifiers are listed
in the IfStatements topic. Please be careful not to
overwrite any of these identifiers!

Context identifiers can be used to communicate between Plugins, and between
Plugins and templates. For example, in FirstPlugin.pm, you might write:

%TMPL:DEF{"ON"}% Not off %TMPL:END%
%TMPL:DEF{"OFF"}% Not on %TMPL:END%
%TMPL:P{context="MyID" then="ON" else="OFF"}%

or in a topic:

%IF{"context MyID" then="MyID is ON" else="MyID is OFF"}%

Note: all plugins have an automatically generated context identifier
if they are installed and initialised. For example, if the FirstPlugin is
working, the context ID 'FirstPlugin' will be set.

Since: TWiki::Plugins::VERSION 1.1

pushTopicContext($web, $topic)

$web - new web

$topic - new topic

Change the TWiki context so it behaves as if it was processing $web.$topic
from now on. All the preferences will be reset to those of the new topic.
Note that if the new topic is not readable by the logged in user due to
access control considerations, there will not be an exception. It is the
duty of the caller to check access permissions before changing the topic.

It is the duty of the caller to restore the original context by calling
popTopicContext.

Note that this call does not re-initialise plugins, so if you have used
global variables to remember the web and topic in initPlugin, then those
values will be unchanged.

Since: TWiki::Plugins::VERSION 1.2

popTopicContext()

Returns the TWiki context to the state it was in before the
pushTopicContext was called.

Since: TWiki::Plugins::VERSION 1.2

Preferences

getPreferencesValue( $key, $web ) -> $value

Get a preferences value from TWiki or from a Plugin

$key - Preferences key

$web - Name of web, optional. Current web if not specified; does not apply to settings of Plugin topics

NOTE: As of TWiki4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

getPluginPreferencesFlag( $key ) -> $boolean

Get a preferences flag from your Plugin

$key - Plugin Preferences key w/o PLUGINNAME_ prefix.

Return: false for preferences values "off", "no" and "0", or values not set at all. True otherwise.

Note: This function will will only work when called from the Plugin.pm file itself. it will not work if called from a sub-package (e.g. TWiki::Plugins::MyPlugin::MyModule)

Since: TWiki::Plugins::VERSION 1.021 (27 Mar 2004)

NOTE: As of TWiki4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

setPreferencesValue($name, $val)

Set the preferences value so that future calls to getPreferencesValue will
return this value, and %$name% will expand to the preference when used in
future variable expansions.

The preference only persists for the rest of this request. Finalised
preferences cannot be redefined using this function.

Returns 1 if the preference was defined, and 0 otherwise.

getWikiToolName( ) -> $name

Get toolname as defined in TWiki.cfg

Return: $name Name of tool, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getMainWebname( ) -> $name

Get name of Main web as defined in TWiki.cfg

Return: $name Name, e.g. 'Main'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getTwikiWebname( ) -> $name

Get name of TWiki documentation web as defined in TWiki.cfg

Return: $name Name, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

User Handling and Access Control

getDefaultUserName( ) -> $loginName

Get default user name as defined in the configuration as DefaultUserLogin

Return: $loginName Default user name, e.g. 'guest'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getCanonicalUserID( $user ) -> $cUID

$user can be a login, wikiname or web.wikiname

Return the cUID of the specified user. A cUID is a unique identifier which
is assigned by TWiki for each user.
BEWARE: While the default TWikiUserMapping uses a cUID that looks like a user's
LoginName, some characters are modified to make them compatible with rcs.
Other usermappings may use other conventions - the JoomlaUserMapping
for example, has cUIDs like 'JoomlaeUserMapping_1234'.

If $user is undefined, it assumes the currently logged-in user.

Return: $cUID, an internal unique and portable escaped identifier for
registered users. This may be autogenerated for an authenticated but
unregistered user.

Since: TWiki::Plugins::VERSION 1.2

getWikiName( $user ) -> $wikiName

return the WikiName of the specified user
if $user is undefined Get Wiki name of logged in user

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. 'JohnDoe'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getWikiUserName( $user ) -> $wikiName

return the userWeb.WikiName of the specified user
if $user is undefined Get Wiki name of logged in user

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. "Main.JohnDoe"

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

wikiToUserName( $id ) -> $loginName

Translate a Wiki name to a login name.

$id - Wiki name, e.g. 'Main.JohnDoe' or 'JohnDoe'. Since TWiki 4.2.1, $id may also be a login name. This will normally be transparent, but should be borne in mind if you have login names that are also legal wiki names.

Return: $loginName Login name of user, e.g. 'jdoe', or undef if not
matched.

Note that it is possible for several login names to map to the same wikiname.
This function will only return the first login name that maps to the
wikiname.

userToWikiName( $loginName, $dontAddWeb ) -> $wikiName

$loginName - Login name, e.g. 'jdoe'. Since TWiki 4.2.1 this may also be a wiki name. This will normally be transparent, but may be relevant if you have login names that are also valid wiki names.

$dontAddWeb - Do not add web prefix if "1"

Return: $wikiName Wiki name of user, e.g. 'Main.JohnDoe' or 'JohnDoe'

userToWikiName will always return a name. If the user does not
exist in the mapping, the $loginName parameter is returned. (backward compatibility)

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

emailToWikiNames( $email, $dontAddWeb ) -> @wikiNames

$email - email address to look up

$dontAddWeb - Do not add web prefix if "1"

Find the wikinames of all users who have the given email address as their
registered address. Since several users could register with the same email
address, this returns a list of wikinames rather than a single wikiname.

Since: TWiki::Plugins::VERSION 1.2

wikinameToEmails( $user ) -> @emails

$user - wikiname of user to look up

Returns the registered email addresses of the named user. If $user is
undef, returns the registered email addresses for the logged-in user.

Since TWiki 4.2.1, $user may also be a login name, or the name of a group.

You are setting different access controls in the text to those defined in the stored topic,

You already have the topic text in hand, and want to help TWiki avoid having to read it again,

You are providing a $meta parameter.

$topic - Topic name, required, e.g. 'PrivateStuff'

$web - Web name, required, e.g. 'Sandbox'

$meta - Meta-data object, as returned by readTopic. Optional. If undef, but $text is defined, then access controls will be parsed from $text. If defined, then metadata embedded in $text will be ignored. This parameter is always ignored if $text is undefined. Settings in $meta override Set settings in $text.

A perl true result indicates that access is permitted.

Note the weird parameter order is due to compatibility constraints with
earlier TWiki releases.

Tip if you want, you can use this method to check your own access control types. For example, if you:

in ThatWeb.ThisTopic, then a call to checkAccessPermission('SPIN', 'IncyWincy', undef, 'ThisTopic', 'ThatWeb', undef) will return true.

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

Webs, Topics and Attachments

getListOfWebs( $filter ) -> @webs

$filter - spec of web types to recover

Gets a list of webs, filtered according to the spec in the $filter,
which may include one of:

'user' (for only user webs)

'template' (for only template webs i.e. those starting with "_")

$filter may also contain the word 'public' which will further filter
out webs that have NOSEARCHALL set on them.
'allowed' filters out webs the current user can't read.

For example, the deprecated getPublicWebList function can be duplicated
as follows:

my @webs = TWiki::Func::getListOfWebs( "user,public" );

Since: TWiki::Plugins::VERSION 1.1

webExists( $web ) -> $boolean

Test if web exists

$web - Web name, required, e.g. 'Sandbox'

Since: TWiki::Plugins::VERSION 1.000 (14 Jul 2001)

createWeb( $newWeb, $baseWeb, $opts )

$newWeb is the name of the new web.

$baseWeb is the name of an existing web (a template web). If the base web is a system web, all topics in it will be copied into the new web. If it is a normal web, only topics starting with 'Web' will be copied. If no base web is specified, an empty web (with no topics) will be created. If it is specified but does not exist, an error will be thrown.

eachChangeSince($web, $time) -> $iterator

Get an iterator over the list of all the changes in the given web between
$time and now. $time is a time in seconds since 1st Jan 1970, and is not
guaranteed to return any changes that occurred before (now -
{Store}{RememberChangesFor}). {Store}{RememberChangesFor}) is a
setting in configure. Changes are returned in most-recent-first
order.

Use it as follows:

my $iterator = TWiki::Func::eachChangeSince(
$web, time() - 7 * 24 * 60 * 60); # the last 7 days
while ($iterator->hasNext()) {
my $change = $iterator->next();
# $change is a perl hash that contains the following fields:
# topic => topic name
# user => wikiname - wikiname of user who made the change
# time => time of the change
# revision => revision number *after* the change
# more => more info about the change (e.g. 'minor')
}

topicExists( $web, $topic ) -> $boolean

$web and $topic are parsed as described in the documentation for normalizeWebTopicName.
Specifically, the Main is used if $web is not specified and $topic has no web specifier.
To get an expected behaviour it is recommened to specify the current web for $web; don't leave it empty.

setTopicEditLock( $web, $topic, $lock )

$web Web name, e.g. "Main", or empty

$topic Topic name, e.g. "MyTopic", or "Main.MyTopic"

$lock 1 to lease the topic, 0 to clear an existing lease

Takes out a "lease" on the topic. The lease doesn't prevent
anyone from editing and changing the topic, but it does redirect them
to a warning screen, so this provides some protection. The edit script
always takes out a lease.

It is impossible to fully lock a topic. Concurrent changes will be
merged.